ZenGo uncovers dApp vulnerability

ZenGo, a crypto wallet developer, has discovered a security vulnerability in decentralized applications (dApps) called the “red pill attack.” This vulnerability allowed malicious dApps to steal user assets using opaque transaction approvals. ZenGo conducted research that revealed that many leading vendors, including Coinbase Wallet, were vulnerable to such attacks. However, ZenGo stated that all vendors were receptive to their reports, and most of them were quick to fix their faulty implementations.

The vulnerability stems from a programming oversight in how transaction simulations handle “Special Variables”: values that smart contracts read to obtain general information about the blockchain, such as the timestamp of the current block. During a simulation there is no correct value for these variables, so developers “take a shortcut” and set them to an arbitrary value. The “red pill attack” takes its name from the iconic “red pill” scene in The Matrix film series: “If malware is able to detect it’s actually being executed in a simulated environment or living in the matrix, it can behave in a benign manner, thus deceiving the anti-malware solution, and reveal its true malicious nature only when actually executed in a real environment.”

ZenGo demonstrated in a video how a smart contract simulation on Polygon (MATIC) could be deceived using this method: when the user sends the transaction on-chain, COINBASE is filled with the non-zero address of the current miner, and the contract simply takes the sent coins.

ZenGo said the fix for the vulnerability was straightforward. Instead of populating these vulnerable variables with arbitrary values, the simulations need to populate them with meaningful values. ZenGo presented redacted screenshots of bug bounties, apparently awarded by Coinbase, for solving the issue. The Ethereum Foundation has also awarded ZenGo a $50,000 grant for its research on transaction simulations.
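As an added illustration (not ZenGo’s or any vendor’s code), the following toy Python model shows the simulation shortcut and the fix described above, plus two checks a wallet back end could run: one that flags placeholder special variables in its own simulator environment, and a differential check that flags a contract whose outcome changes between placeholder and realistic values. The block data, addresses and contract logic are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict

ZERO_ADDRESS = "0x" + "00" * 20

@dataclass(frozen=True)
class BlockEnv:
    """The 'special variables' a simulation must fill in: who produced the block, and when."""
    coinbase: str    # block.coinbase, the current block producer's address
    timestamp: int   # block.timestamp
    number: int      # block.number

# A contract is modelled as a function (env, wei sent) -> outcome label.
Contract = Callable[[BlockEnv, int], str]

# Constructed sample of the "latest block" a wallet back end would fetch from a node.
SAMPLE_LATEST_BLOCK: Dict[str, object] = {
    "miner": "0x" + "ab" * 20,   # constructed, not a real address
    "timestamp": 1_697_000_000,
    "number": 48_000_000,
}

def naive_env() -> BlockEnv:
    """The shortcut the article describes: specials set to arbitrary zero values."""
    return BlockEnv(coinbase=ZERO_ADDRESS, timestamp=0, number=0)

def realistic_env(latest: Dict[str, object]) -> BlockEnv:
    """The fix: populate specials from the chain head, as the next block would see them."""
    return BlockEnv(coinbase=str(latest["miner"]),
                    timestamp=int(latest["timestamp"]) + 1,
                    number=int(latest["number"]) + 1)

def has_placeholder_specials(env: BlockEnv) -> bool:
    """Sanity check a simulator can run on its own environment before trusting a result."""
    return env.coinbase == ZERO_ADDRESS or env.timestamp == 0 or env.number == 0

def diverges(contract: Contract, value: int, real: BlockEnv) -> bool:
    """Differential check: does the outcome depend on whether specials look simulated?"""
    return contract(naive_env(), value) != contract(real, value)

# The behaviour the article attributes to the Polygon demo: benign when COINBASE is the
# zero address (simulation), keeps the coins when it is a real producer address (on-chain).
def red_pill_contract(env: BlockEnv, value: int) -> str:
    return "refund" if env.coinbase == ZERO_ADDRESS else "keep"

def honest_swap_contract(env: BlockEnv, value: int) -> str:
    return "swap"   # same outcome regardless of environment
```

A simulator that fails `has_placeholder_specials` reports what the red-pill contract wants it to see; one built with `realistic_env` reports the on-chain outcome, and `diverges` exposes the environment-dependent behaviour either way.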

Decentralized applications, or dApps, are an essential part of the blockchain ecosystem. They run on decentralized networks with no central authority, and their transactions are recorded on the blockchain. Their advantage is that they let users transact in a more secure and transparent way without relying on an intermediary. As with any technology, however, they have vulnerabilities that need to be addressed, and ZenGo’s discovery of the “red pill attack” underscores the importance of security in the blockchain ecosystem.

In conclusion, ZenGo’s discovery of the “red pill attack” in dApps is a significant development for the blockchain ecosystem. The vulnerability, which allowed malicious dApps to steal user assets, highlights how much security matters in this space. ZenGo’s research showed that many leading vendors were affected, but that they were quick to fix their faulty implementations. The fix is straightforward, and ZenGo has urged developers to populate the vulnerable variables with meaningful values.

Solana Foundation Offers $400k Bounty for Critical Code Discovery

The Solana Foundation is offering a monetary reward of $400,000 to anyone who can identify code that could potentially halt the Solana network, as revealed by Jacob Creech, Head of Developer Relations at Solana. The announcement came through Creech’s Twitter post on 13th October 2023. The bounty is part of Solana’s bug bounty program, which aims to discover and rectify critical vulnerabilities to ensure the network’s robustness and security.

Bounty for Liveness Loss

The specific bounty of $400,000 falls under the “Liveness / Loss of Availability” category of Solana’s Security Bug Bounties program, which covers incidents in which consensus halts and human intervention is required, including eclipse attacks and remote attacks that partition the network. The reward is paid in locked SOL tokens with a lockup period of 12 months.

Reporting and Response Process

Solana has a well-defined process for reporting, reviewing, and addressing security issues. Individuals who discover a potential vulnerability are instructed to report it through a designated “Report a Vulnerability” link rather than by creating a GitHub issue. The Solana Labs team typically responds within 72 hours, after which it triages the issue and prepares a fix. Once a fix is ready, it is communicated to the network validators using the “Solana Red Alert” notification system, ensuring a coordinated effort to address the vulnerability.

Besides the aforementioned category, Solana’s bug bounty program includes other categories like “Loss of Funds,” “Consensus/Safety Violations,” and “DoS Attacks,” with rewards ranging from $100,000 to $2,000,000. These bounties reflect Solana’s commitment to maintaining a secure and reliable blockchain network by incentivizing the discovery and reporting of potential security threats.

Eligibility and Payment

To be eligible for the bounty, submissions must include an exploit proof-of-concept. The Solana Foundation has outlined a clear process, including KYC (Know Your Customer) procedures and a participation agreement that needs to be adhered to by the participants. The bounties are awarded on a rolling or weekly basis, and are paid out within 30 days upon receipt of an invoice, with the SOL/USD conversion rate being determined by the market price of SOL at the end of the day the invoice is submitted.

In summary, the Solana Foundation’s proactive stance towards identifying and rectifying potential security threats through substantial bounties reflects its continuous effort to uphold network integrity and ensure a secure blockchain environment for its users and developers.
