An Ethereum Core Dev Discovered Vulnerability That Could Cause Avalanche To Lose $24 Million

Péter Szilágyi discovered an Avalanche flaw in March that could have brought down the entire network. He has demonstrated how horrible things may have been if the problem had been exploited now that it has been patched.

Péter Szilágyi, an Ethereum core developer, published an Avalanche Vulnerability report on Thursday that describes a serious problem he discovered in the Avalanche network code earlier this year. Szilágyi detailed how Avalanche was susceptible to attack by disseminating a malicious PeerList package to network nodes and validators in the study, which was dated March 29, 2022.

The Avalanche network might have instantaneously crashed if an attacker had launched a new validator node, delivered harmful packets to other nodes, and activated other validators.

“Since all nodes in the network connect to all validators, it’s pretty much an insta-death for the entire network,” Szilágyi wrote.

Although launching such an assault would have required 2,000 AVAX tokens to pay for the new validator node, this would have been a tiny price to pay considering the mayhem it might have caused.

A malicious actor could easily recover the cost by taking a short position against AVAX prior to the attack, effectively enabling them to shut down the network at no cost to themselves, according to Szilágyi.

2,000 AVAX tokens were available for about $179,000 on the open market after the vulnerability was found. Avalanche’s market value was over $24 billion at the moment.

“I was trying to wrap my head around how the networking works and found the packet handling a bit peculiar for my taste. So I wrote a fuzzer to see if I can choke it. It went boom fairly fast,” Szilágyi explained.

Szilágyi informed the Avalanche developer team when he found the error, and they quickly fixed it in the avalanchego v1.7.9 update the next day.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Harold

CoinCu News