Developer reveals details of Avalanche’s network patched vulnerability
The problem discovered in March of this year could have disabled the blockchain completely
09.09.2022 - 12:45
347
2 min
0
What’s new? Developer Péter Szilágyi has published a report on a vulnerability on the Avalanchenetwork. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain for 2000 AVAX (~$40 200 at the current rate). Szilágyi discovered the bug and offered a patch to fix it. The problem was fixed the same day with this patch. With Avalanche’s latest hard fork, all nodes run the patched software. The specialist shared details with the permission of Ava Labs engineer Patrick O’Grady.
More details about the bug. Such a bug was called “remote node crash via malicious PeerList package.” The hacker had two options to attack. The first was to run a non-validator node to transmit malicious packets. Szilágyi noted that such a trivial option would have taken longer to shut down the network.
According to the second option, the attacker could register as a new validator and send out infected packets for the price of 2000 AVAX that are used for network interaction. Szilágyi called the price acceptable because such a choice would have brought the hacker “a sweet profit.” The expert also noted that in this scenario, the network would have recovered in a few hours.
On September 7, Nereus Finance, a decentralized platform, was hacked, causing hackers to withdraw $370 000 in USD Coin (USDC) stablecoins. The attack involved flash loans and manipulation of the price of AVAX tokens.
In June, crypto wallets MetaMask and Phantom fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.
Useful material?
Market
Earlier, the community criticized the project for its lack of transparency, which led to a sharp drop in the HYPE token price
Jan 8, 2025
Market
Rising US Treasury bond yields are negatively affecting risk assets
Jan 8, 2025
Mining
The Avalon Mini 3 is available for pre-order at $899
Jan 8, 2025
Market
The exchange obtained the documents as part of the Freedom of Information Act proceeding
Jan 6, 2025
Market
According to the preliminary plan, the free coin giveaway will take place in January 2025
Dec 27, 2024
Market
The fund’s issuer will be Donald Trump associate Vivek Ramaswamy’s Strive company
Dec 27, 2024