The upgrade deployment script failed to call an important initialization function, leaving the vote threshold at zero and allowing anyone to withdraw “without signature.”
The $10 million Ronin bridge exploit on Aug. 6 was caused by a faulty upgrade deployment script, according to a report from blockchain security firm Verichains.
The upgrade reduced the voting threshold for validators to zero, essentially allowing any user to withdraw from the bridge “without signature,” Verichains stated.
The bot’s owner later returned most of the funds to the Ronin team.
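The failure mode Verichains describes, a vote threshold left at zero because the upgrade never ran its initializer, can be reproduced in a small model. This is an added illustration, not Ronin's contract or deployment code; the class, the function names, the validator weights and the threshold of 70 are all assumptions made for the example.

```python
# Added illustration: a simplified Python model, not Ronin's contract code.
# All names (BridgeModel, initialize_v2, post_upgrade_check) are hypothetical.
class BridgeModel:
    def __init__(self):
        # Storage after an upgrade keeps its zero default until an initializer runs.
        self.threshold = 0
        self.validator_weight = {}

    def initialize_v2(self, weights, threshold):
        """The step an upgrade script has to call after switching logic."""
        if threshold <= 0 or threshold > sum(weights.values()):
            raise ValueError("threshold must be in 1..total weight")
        self.validator_weight = dict(weights)
        self.threshold = threshold

    def can_withdraw(self, signers):
        """Approve when the distinct signers' weight reaches the threshold."""
        weight = sum(self.validator_weight.get(s, 0) for s in set(signers))
        return weight >= self.threshold  # 0 >= 0 passes with no signers at all

    def can_withdraw_hardened(self, signers):
        """Same check, but fail closed while the threshold is unset."""
        return self.threshold > 0 and self.can_withdraw(signers)

def post_upgrade_check(bridge):
    """Invariants a deployment script can assert before finishing an upgrade."""
    problems = []
    if bridge.threshold <= 0:
        problems.append("vote threshold is zero")
    if not bridge.validator_weight:
        problems.append("validator set is empty")
    if bridge.can_withdraw([]):
        problems.append("withdrawal approved with no signatures")
    return problems

def demo():
    skipped = BridgeModel()  # upgrade applied, initializer never called
    done = BridgeModel()
    done.initialize_v2({"v1": 40, "v2": 30, "v3": 30}, threshold=70)  # constructed values
    return {
        "skipped_accepts_empty": skipped.can_withdraw([]),
        "skipped_hardened": skipped.can_withdraw_hardened([]),
        "skipped_problems": post_upgrade_check(skipped),
        "done_accepts_empty": done.can_withdraw([]),
        "done_two_signers": done.can_withdraw(["v1", "v2"]),
        "done_problems": post_upgrade_check(done),
    }

if __name__ == "__main__":
    print(demo())
```

Running `post_upgrade_check` as the last step of an upgrade script, and aborting on a non-empty result, catches the skipped initializer before the bridge accepts withdrawals.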