Chainlink VRF vulnerability thwarted by white hat hackers with $300K reward

cyptouser3 weeks agoCryptocurrencies News20

Decentralized oracle network Chainlink (LINK) paid a $300,000 bounty to white hat hackers Zach Obront and Or Cyngiser (Trust), who uncovered a critical bug that could have skewed its Verifiable Random Function (VRF).

The bug

VRF is a random number generator (RNG) that allows smart contracts to access random values without compromising security.

The product is used by several crypto projects, including Axie Infinity, PancakeSwap, and Aavegotchi, to protect their smart contract with tamper-proof randomness that cannot be manipulated and ensure verifiable outcomes using cryptographic proofs.

Last year, Trust and Obront submitted a report on how a malicious VRF subscription owner could have prevented users from getting this neutral randomness roll by blocking and rerolling randomness until they received a desired value.

According to the Chainlink team, this bug was categorized as a critical-impact smart contract vulnerability, adding that:

“While it could compromise Chainlink VRF’s intended use of providing transparently verifiable tamper-resistant onchain randomness, the exploitable scenario required a number of specific conditions to be met and would be detectable onchain. Most notably, the subscription owner—a role typically controlled by the team behind the dApp using VRF—must be malicious or compromised.”

Following the incident, Chainlink implemented a security feature to prevent malicious VRF owners from exploiting the issue.

Chainlink enjoying institutional interest

Chainlink’s Cross-Chain Interoperability Protocol (CCIP) technology has seen an increase in adoption from adoption from major traditional institutions.

The global financial messaging network Swift used the technology in a tokenization experiment that involved the transfer of tokens across multiple blockchains in August. South Korean gaming giant also used it to power an interoperable Web3 gaming ecosystem in October.

Also, Hong Kong authorities adopted it for value exchange in its Central Bank Digital Currency (CBDC) trials.

As a result, Chainlink’s native LINK token and Grayscale’s Chainlink Trust (GLNK), an institutional investment vehicle, have seen their value surge to new highs.

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

What the crypto industry must do to survive the wrath of the SEC

The Securities and Exchange Commission (SEC) has been keeping a watchful eye on the cryptocurrency i...

Singapore's MAS reveals plan to issue 'live' CBDC for wholesale settlement

The Monetary Authority of Singapore (MAS) is planning a pilot program where it would issue a “...

Federal Reserve’s Michael Barr comments on stablecoin regulations, CBDCs

Michael Barr, vice chair for supervision at the U.S. Federal Reserve, commented on matters related t...

SBF Trial Day 2 – Prosecution's opening statement paints SBF as a fraud mastermind, Defense claims complete innocence

The second day of Sam Bankman-Fried trial began with the continuation of the jury selection process,...

Around $20M at risk as Friend Tech's security comes under scrutiny with users reporting SIM-swap attacks

The security of Friend.Tech users’ funds are in question due to a wave of reported compromised...

Sam Altman removed as OpenAI CEO

OpenAI, a leading entity in the artificial intelligence domain, has announced a significant shift in...