A Web3 security researcher was able to earn $150,000 from the Cosmos Network after discovering a critical bug that could halt the Evmos blockchain and all its decentralized applications (DApps).
According to the researcher, who goes by the pseudonym jayjonah.eth on Twitter, the bug was discovered as part of a crypto bug bounty. These bounties offer incentives to developers and researchers to help identify bugs and vulnerabilities within a system.
“I decided to participate in the Evmos bug bounty program and started reading the Evmos light client spec,” explained jayjonah.eth.
He found a section within the document which read as follows:
“Typically, these addresses are module accounts. If these addresses receive funds outside the expected rules of the state machine, invariants are likely to be broken and could result in a halted network,” wrote Evmos.
According to jayjonah.eth, this clause indicated that if users sent funds to module accounts, it could cause the blockchain to break. He then tested this by sending funds to the module accounts.
“At this point, no more blocks are being produced and the chain has completely halted. This breaks the Evmos blockchain and all the DApps built on it,” he wrote.
He then reported his findings to the Evmos team, who awarded him $150,000 for discovering the critical bug. This is the highest prize awarded for a critical bug in the Evmos bug bounty.
“They confirmed the bug and awarded me $150,000 for finding the critical bug. This is the highest prize awarded for a critical bug in the Evmos bug bounty,” wrote jayjonah.eth.
However, despite the large sum, the researcher downplayed the difficulty of finding the bug, describing it as “low-hanging fruit.”
“This bug was actually very simple to find and is a great example of the low-hanging fruit that can be found in Web3,” he noted.
“It’s also a good reminder that even large projects can have simple bugs that are easy to overlook.”
He added that the bug highlights the importance of thoroughly reading documentation and thanked the Evmos team for their cooperation.
“This bug taught me a few important things as a security researcher. The first, and most obvious, is to always thoroughly read the documentation of the project you’re investigating,”
-jayjonah.eth
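The module-account passage quoted above, as an added example that is not part of the original article and is not Evmos or Cosmos SDK code: a toy Go ledger in which a plain transfer to a module account bypasses the module's bookkeeping and breaks a balance invariant, next to a blocked-recipient check that rejects the transfer. The `Ledger` type, the `module/escrow` name and the invariant itself are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// EscrowModule is a hypothetical module account in this constructed toy model.
const EscrowModule = "module/escrow"

var ErrBlocked = errors.New("recipient is a blocked module account")

type Ledger struct {
	Balances map[string]int64 // balance per address
	Escrowed int64            // what the module's own bookkeeping says it holds
	Blocked  map[string]bool  // addresses that may not receive plain transfers
}

// Deposit is the rule-abiding path: balance and bookkeeping move together.
func (l *Ledger) Deposit(from string, amt int64) error {
	if amt <= 0 || l.Balances[from] < amt {
		return errors.New("invalid amount or insufficient funds")
	}
	l.Balances[from] -= amt
	l.Balances[EscrowModule] += amt
	l.Escrowed += amt
	return nil
}

// Send is a plain transfer; enforce=false models a ledger without the guard.
func (l *Ledger) Send(from, to string, amt int64, enforce bool) error {
	if enforce && l.Blocked[to] {
		return ErrBlocked
	}
	if amt <= 0 || l.Balances[from] < amt {
		return errors.New("invalid amount or insufficient funds")
	}
	l.Balances[from] -= amt
	l.Balances[to] += amt
	return nil
}

// InvariantHolds reports whether the module balance matches its bookkeeping.
func (l *Ledger) InvariantHolds() bool { return l.Balances[EscrowModule] == l.Escrowed }

func main() {
	l := &Ledger{Balances: map[string]int64{"alice": 100}, Blocked: map[string]bool{EscrowModule: true}}
	fmt.Println(l.Deposit("alice", 10), l.InvariantHolds())
	fmt.Println(l.Send("alice", EscrowModule, 5, true), l.InvariantHolds())
}
```

In a chain that checks invariants every block, a broken invariant stops block production, so rejecting the transfer up front is what keeps the state machine inside its expected rules.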