Aurora Labs paid white hackers $2 million for bugs found

The project team began working on a long-term and reliable solution to the problems

04.09.2022 - 07:30

120

1 min

What’s new? In June, the Aurora Labs team received two reports containing information on the identified critical vulnerabilities. The company paid the authors of these reports remunerations of $1 million each in Aurora tokens (AURORA). Information about this appeared on the team’s blog.

Information on the blog

What did the white hackers discover? They discovered the first vulnerability in the operation of the cross-chain bridge, NEAR Rainbow Bridge, to transfer funds between Ethereum and Aurora with NEAR. According to white hackers’ theory, an attacker could force the Aurora Engine to create a fake proof of token burning, provide it to the bridge, and withdraw funds from the vault. The project team has begun working on a long-term, reliable solution based on proof of state.

White hackers also found a vulnerability related to token transfer from Ethereum to Aurora. According to them, the attackers could have sent the recipient wrapped tokens and charged a fee of up to 18,4 ETH.

What is known about Aurora? It is an EVM blockchain based on the NEAR protocol, which is being developed by Aurora Labs. The platform provides developers with a ready-made solution for running their applications on an Ethereum-compatible, high-performance, scalable and secure platform.

Earlier, white hackers returned about $9 million in cryptocurrency to a blockchain address belonging to Nomad’s cross-chain protocol. On August 2, Nomad underwent an exploit, during which white hackers withdrew part of the funds in order to protect them from theft.

Author: