Developer reveals details of Avalanche’s network patched vulnerability
The problem discovered in March of this year could have disabled the blockchain completely
09.09.2022 - 12:45
332
2 min
0
What’s new? Developer Péter Szilágyi has published a report on a vulnerability on the Avalanchenetwork. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain for 2000 AVAX (~$40 200 at the current rate). Szilágyi discovered the bug and offered a patch to fix it. The problem was fixed the same day with this patch. With Avalanche’s latest hard fork, all nodes run the patched software. The specialist shared details with the permission of Ava Labs engineer Patrick O’Grady.
More details about the bug. Such a bug was called “remote node crash via malicious PeerList package.” The hacker had two options to attack. The first was to run a non-validator node to transmit malicious packets. Szilágyi noted that such a trivial option would have taken longer to shut down the network.
According to the second option, the attacker could register as a new validator and send out infected packets for the price of 2000 AVAX that are used for network interaction. Szilágyi called the price acceptable because such a choice would have brought the hacker “a sweet profit.” The expert also noted that in this scenario, the network would have recovered in a few hours.
On September 7, Nereus Finance, a decentralized platform, was hacked, causing hackers to withdraw $370 000 in USD Coin (USDC) stablecoins. The attack involved flash loans and manipulation of the price of AVAX tokens.
In June, crypto wallets MetaMask and Phantom fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.
Useful material?
Market
The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion
Nov 19, 2024
Incidents
The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately
Nov 14, 2024
Market
Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset
Nov 13, 2024
Market
The product will begin trading on the Swiss Exchange on November 19
Nov 12, 2024
Market
The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion
Nov 12, 2024
Market
The company predicts that the rate of the first cryptocurrency will grow to $200 000 by the end of next year
Nov 11, 2024