ZetaChain Exploited, Vulnerability May Originate from Flaw in GatewayZEVM Call Function

SlowMist stated ZetaChain has been exploited. Preliminary analysis indicates the root cause of the vulnerability lies in the lack of access control and input validation in the call function of the GatewayZEVM contract. This allowed attackers to initiate malicious cross-chain calls and, via the relayer mechanism, execute arbitrary operations on the target chain to transfer funds.SlowMist noted that the attacker forged cross-chain events to trigger the relayer into executing malicious calls, thereby stealing funds. The relevant attack transactions have been disclosed.