Chainlink VRF vulnerability thwarted by white hat hackers with $300K reward

cyptouser8 months agoCryptocurrencies News136

Decentralized oracle network Chainlink (LINK) paid a $300,000 bounty to white hat hackers Zach Obront and Or Cyngiser (Trust), who uncovered a critical bug that could have skewed its Verifiable Random Function (VRF).

The bug

VRF is a random number generator (RNG) that allows smart contracts to access random values without compromising security.

The product is used by several crypto projects, including Axie Infinity, PancakeSwap, and Aavegotchi, to protect their smart contract with tamper-proof randomness that cannot be manipulated and ensure verifiable outcomes using cryptographic proofs.

Last year, Trust and Obront submitted a report on how a malicious VRF subscription owner could have prevented users from getting this neutral randomness roll by blocking and rerolling randomness until they received a desired value.

According to the Chainlink team, this bug was categorized as a critical-impact smart contract vulnerability, adding that:

“While it could compromise Chainlink VRF’s intended use of providing transparently verifiable tamper-resistant onchain randomness, the exploitable scenario required a number of specific conditions to be met and would be detectable onchain. Most notably, the subscription owner—a role typically controlled by the team behind the dApp using VRF—must be malicious or compromised.”

Following the incident, Chainlink implemented a security feature to prevent malicious VRF owners from exploiting the issue.

Chainlink enjoying institutional interest

Chainlink’s Cross-Chain Interoperability Protocol (CCIP) technology has seen an increase in adoption from adoption from major traditional institutions.

The global financial messaging network Swift used the technology in a tokenization experiment that involved the transfer of tokens across multiple blockchains in August. South Korean gaming giant also used it to power an interoperable Web3 gaming ecosystem in October.

Also, Hong Kong authorities adopted it for value exchange in its Central Bank Digital Currency (CBDC) trials.

As a result, Chainlink’s native LINK token and Grayscale’s Chainlink Trust (GLNK), an institutional investment vehicle, have seen their value surge to new highs.

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Bitfarms expands Bitcoin mining hashrate to 7 EH/s with Quebec upgrades

Bitfarms announced on April 12 that it completed upgrades to its Bitcoin mining facilities in two lo...

SBF Trial: Jury selection concludes despite impartiality challenges, with one potential juror having already 'reached verdict'

Jury selection for the criminal trial of former FTX CEO Sam Bankman-Fried was completed on the morni...

Bitcoin could soon ‘BLOW higher’ on bullish candle hammer: Glassnode execs

Bitcoin could soon ‘BLOW higher’ on bullish candle hammer: Glassnode execs

55966e89˃Bitcoin (BTC) traders are pointing to a “bullish candle hammer” that has emerged on Bitcoin...

Bullish Bitcoin options dominate May’s $6.5 billion expiry

Bullish Bitcoin options dominate May’s $6.5 billion expiry

55966e89˃Bitcoin (BTC) investors are typically bullish, and despite multiple failed attempts to sust...

Ethereum Name Service plans layer-2 migration to reduce gas fees, boost speed

55966e89˃The Ethereum Name Service (ENS) is planning a significant update, migrating to a layer-2 ne...

Marathon Digital to power Bitcoin mining operations with methane gas from landfills

Bitcoin (BTC) miner Marathon Digital wants to mine the top digital asset powered with landfill metha...