Developer reveals details of Avalanche’s network patched vulnerability
The problem discovered in March of this year could have disabled the blockchain completely
09.09.2022 - 12:45
322
2 min
0
What’s new? Developer Péter Szilágyi has published a report on a vulnerability on the Avalanchenetwork. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain for 2000 AVAX (~$40 200 at the current rate). Szilágyi discovered the bug and offered a patch to fix it. The problem was fixed the same day with this patch. With Avalanche’s latest hard fork, all nodes run the patched software. The specialist shared details with the permission of Ava Labs engineer Patrick O’Grady.
More details about the bug. Such a bug was called “remote node crash via malicious PeerList package.” The hacker had two options to attack. The first was to run a non-validator node to transmit malicious packets. Szilágyi noted that such a trivial option would have taken longer to shut down the network.
According to the second option, the attacker could register as a new validator and send out infected packets for the price of 2000 AVAX that are used for network interaction. Szilágyi called the price acceptable because such a choice would have brought the hacker “a sweet profit.” The expert also noted that in this scenario, the network would have recovered in a few hours.
On September 7, Nereus Finance, a decentralized platform, was hacked, causing hackers to withdraw $370 000 in USD Coin (USDC) stablecoins. The attack involved flash loans and manipulation of the price of AVAX tokens.
In June, crypto wallets MetaMask and Phantom fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.
Useful material?
Incidents
The company conducted fictitious trading for six years to inflate the trading volume of tokens of several companies, receiving payment for these services
Nov 1, 2024
Market
1,5 million addresses have already left applications
Oct 31, 2024
Business
The company began investing in bitcoin in 2020, and since then, the value of its securities has risen by 1700%
Oct 30, 2024
Mining
The Deputy Energy Minister explained that in deficit regions, it is impossible to allocate large capacities for industry enterprises until 2030
Oct 30, 2024
Market
Customers will also be able to withdraw funds to bank accounts using cards
Oct 30, 2024
Mining
Blockware noted increased investor interest in this type of asset due to inflation concerns
Oct 29, 2024