Developer reveals details of Avalanche’s network patched vulnerability
The problem discovered in March of this year could have disabled the blockchain completely
09.09.2022 - 12:45
305
2 min
0
What’s new? Developer Péter Szilágyi has published a report on a vulnerability on the Avalanchenetwork. The problem was discovered on March 29, 2022, and threatened to completely disable the blockchain for 2000 AVAX (~$40 200 at the current rate). Szilágyi discovered the bug and offered a patch to fix it. The problem was fixed the same day with this patch. With Avalanche’s latest hard fork, all nodes run the patched software. The specialist shared details with the permission of Ava Labs engineer Patrick O’Grady.
More details about the bug. Such a bug was called “remote node crash via malicious PeerList package.” The hacker had two options to attack. The first was to run a non-validator node to transmit malicious packets. Szilágyi noted that such a trivial option would have taken longer to shut down the network.
According to the second option, the attacker could register as a new validator and send out infected packets for the price of 2000 AVAX that are used for network interaction. Szilágyi called the price acceptable because such a choice would have brought the hacker “a sweet profit.” The expert also noted that in this scenario, the network would have recovered in a few hours.
On September 7, Nereus Finance, a decentralized platform, was hacked, causing hackers to withdraw $370 000 in USD Coin (USDC) stablecoins. The attack involved flash loans and manipulation of the price of AVAX tokens.
In June, crypto wallets MetaMask and Phantom fixed a critical vulnerability in a browser software extension. The bug, discovered by Halborn back in September 2021, allowed hackers to extract seed phrases from users’ computers.
Useful material?
Incidents
Scammers took advantage of the former US president’s recent announcement of a real DeFi protocol
Sep 4, 2024
Technologies
The upgrade is aimed at implementing a new decentralized project governance system
Sep 2, 2024
Incidents
The company placed $2б4 billion in bonds maturing in 2026, but their value has fallen dramatically since the entrepreneur’s arrest
Aug 30, 2024
Incidents
In both cases, depending on the outcome of the investigations, the messenger could be blocked
Aug 29, 2024
Market
The project will offer a decentralized alternative to traditional banking services
Aug 29, 2024
Trends
Within a week of its launch, the platform managed to overtake its main competitor, Pump.fun on the Solana network
Aug 28, 2024