Chainlink VRF vulnerability thwarted by white hat hackers with $300K reward

Chainlink VRF vulnerability thwarted by white hat hackers with $300K reward
фото показано с : cryptoslate.com

2023-11-15 14:15

Decentralized oracle network Chainlink (LINK) paid a $300,000 bounty to white hat hackers Zach Obront and Or Cyngiser (Trust), who uncovered a critical bug that could have skewed its Verifiable Random Function (VRF).

The bug

VRF is a random number generator (RNG) that allows smart contracts to access random values without compromising security.

The product is used by several crypto projects, including Axie Infinity, PancakeSwap, and Aavegotchi, to protect their smart contract with tamper-proof randomness that cannot be manipulated and ensure verifiable outcomes using cryptographic proofs.

Last year, Trust and Obront submitted a report on how a malicious VRF subscription owner could have prevented users from getting this neutral randomness roll by blocking and rerolling randomness until they received a desired value.

According to the Chainlink team, this bug was categorized as a critical-impact smart contract vulnerability, adding that:

“While it could compromise Chainlink VRF’s intended use of providing transparently verifiable tamper-resistant onchain randomness, the exploitable scenario required a number of specific conditions to be met and would be detectable onchain. Most notably, the subscription owner—a role typically controlled by the team behind the dApp using VRF—must be malicious or compromised.”

Following the incident, Chainlink implemented a security feature to prevent malicious VRF owners from exploiting the issue.

Chainlink enjoying institutional interest

Chainlink’s Cross-Chain Interoperability Protocol (CCIP) technology has seen an increase in adoption from adoption from major traditional institutions.

The global financial messaging network Swift used the technology in a tokenization experiment that involved the transfer of tokens across multiple blockchains in August. South Korean gaming giant also used it to power an interoperable Web3 gaming ecosystem in October.

Also, Hong Kong authorities adopted it for value exchange in its Central Bank Digital Currency (CBDC) trials.

As a result, Chainlink’s native LINK token and Grayscale’s Chainlink Trust (GLNK), an institutional investment vehicle, have seen their value surge to new highs.

The post Chainlink VRF vulnerability thwarted by white hat hackers with $300K reward appeared first on CryptoSlate.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

White Standard (WSD) на Currencies.ru

$ 0.6235 (-2.19%)
Объем 24H $0
Изменеия 24h: -30.43 %, 7d: -37.65 %
Cегодня L: $0.6235 - H: $0.6235
Капитализация $273.951k Rank 999999
Доступно / Всего 439.402k WSD

hat hackers chainlink white vrf uncovered critical

hat hackers → Результатов: 56


Фото:

Balancer Labs launches bug bounty program worth $2 million

Non-custodian portfolio manager Balancer Labs has launched a bounty program with a price money of 1,000 ETH, valued at $2 million. Balancer Labs added that it hopes the price will serve as a strong incentive to white hat hackers to search for and report bugs within the Balancer V2 Vault architecture, which will be open […] The post Balancer Labs launches bug bounty program worth $2 million appeared first on Invezz.

2021-4-21 15:44


Ethereum Developer Challenges Hackers to Break ETH2 Testnets; Collect $10k Reward

Danny Ryan, one of the core developers of the Ethereum developer community, has challenged white hat hackers to hack into a pair of ETH2 testnets. Ethereum's most significant upgrade since its inception where the Ethereum mainnet will transition from Proof-of-Work (PoW) based mining consensus to Proof-of-Stake (PoS) and has been dubbed Ethereum 2.0. The transition […]

2020-7-22 23:13


Hackers made $32K in 7 weeks by fixing bugs in cryptocurrency projects

In the past seven weeks, white hat hackers earned at least $32,150 by fixing security flaws in popular cryptocurrency and blockchain platforms like TRON, Brave, EOS and Coinbase. According to data reviewed by Hard Fork, 15 blockchain-related firms have paid rewards to security researchers between March 28 and May 16, split across 30 publicly-released bug reports.

2019-5-20 18:21


AntiHACK.me ICO

AntiHACK.me has been created to fill the gap between those who are seeking for White Hat Hackers’ services and the hackers themselves. By sourcing for White Hat Hackers in a decentralized manner and securing it on the blockchain, we are able to offer services transparently, preserving the hacker’s anonymity while ensuring that transactions are completed fairly.

2018-10-25 04:33