blockchain

Web3 Researcher Earns $150K for Identifying Bug in Evmos Blockchain

Web3 security researcher earning bounty for blockchain vulnerability

Critical Vulnerability Discovered in Evmos Blockchain

In a significant development within the blockchain community, a Web3 security researcher, referred to by the pseudonym “jayjonah.eth,” has been rewarded with a $150,000 bounty for identifying a critical vulnerability in the Evmos blockchain. This discovery not only highlights the importance of security in blockchain technology but also illustrates the effectiveness of bug bounty programs.

Identifying the Vulnerability

The researcher’s findings were part of the Evmos Bug Bounty Program, launched in November 2022. In a blog post dated October 28, jayjonah.eth detailed the methodology used to uncover the bug, which had the potential to completely halt the Evmos blockchain and disrupt all decentralized applications (DApps) operating on it.

By thoroughly examining the Cosmos Network documentation, jayjonah.eth discovered the concept of module accounts. According to the documentation, if these module accounts received funds outside of the established rules of the state machine, it could lead to a breakdown of network invariants, consequently halting the blockchain.

Conducting the Crash Test

To verify this theoretical vulnerability, the researcher executed a crash test in a controlled environment by sending funds to the module account. The results were alarming; the Evmos blockchain came to a complete standstill, halting the production of new blocks and affecting all DApps dependent on the network.

Timely Solutions from the Evmos Team

Upon identifying the issue, the Evmos team acted swiftly to address and rectify the vulnerability before it was publicly disclosed. This prompt action underscores the critical nature of having strong security protocols in place within blockchain projects.

Encouraging Best Practices in Security Research

After receiving the highest tier payout for his critical discovery, jayjonah.eth urged other security researchers to deeply review project documents. He emphasized that often, the most significant vulnerabilities may be unexpectedly simple to identify if one takes the time to investigate thoroughly.

The Role of Bug Bounty Programs

Bug bounty programs play a vital role in safeguarding projects from potential cyber threats and minimizing financial losses due to hacks. For instance, the recent case of the Shezmu protocol illustrates the benefits of these programs. In September, the Shezmu protocol successfully negotiated with a hacker to recover nearly $5 million in stolen cryptocurrency.

Initially, Shezmu offered a 10% bounty reward for the return of the funds, requesting that 90% be returned within 24 hours. The hacker, however, demanded a 20% bounty, to which the protocol eventually agreed, leading to the recovery of the remaining stolen assets.

Conclusion

As the landscape of blockchain technology evolves, maintaining a robust security framework is more crucial than ever. Initiatives like the Evmos Bug Bounty Program not only foster a safer blockchain environment but also encourage continuous improvement through collaboration between researchers and project teams.

Czytaj dalej

Shiba Inu NFT holders receiving upgrades and benefits in the Shibarium ecosystem.
Market depiction highlighting risks from US elections and economic events.

Zostaw komentarz

Wszystkie komentarze są moderowane przed opublikowaniem.

Ta strona jest chroniona przez hCaptcha i obowiązują na niej Polityka prywatności i Warunki korzystania z usługi serwisu hCaptcha.