A whitehat hacker protects smartBCH by reporting a vulnerability

1 year ago

Recently, a whitehat hacker pwningpwnwpnw reported a vulnerability in smartbchd.

The vulnerability is located in MoeingEVM's host_bridge. It is a bug in the C++ implementation of SEP206. The overflow condition of amount+margin was not checked.

This is a severe vulnerability that allows an attacker to mint infinite BCH on the side chain and drain all the tokens in Swap's pairs. If that happened, the only thing we could do would be to hardfork smartBCH, just as Ethereum did after "the DAO hack".

To patch this vulnerability, we made the following modifications:

1. Add more checks to host_bridge

2. Add abort-on-overflow logic to host_bridge

3. Add abort-on-overflow logic to smartbch's golang code

4. Invalidate all the transactions which finish with one or more accounts with more than 21,000,000 BCH.
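The bug class and the first, second and fourth fixes above can be shown in a small C++ sketch. This is an added example, not MoeingEVM's or smartbchd's code: every name is hypothetical, 64-bit satoshi units stand in for the 256-bit values an EVM host handles, and `margin` is assumed to be an extra amount the sender's balance must still cover.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed cap: 21,000,000 BCH expressed in satoshi (assumed unit).
constexpr uint64_t kSatsPerBCH = 100000000ULL;
constexpr uint64_t kMaxSupply = 21000000ULL * kSatsPerBCH;

// Unchecked form: amount + margin wraps modulo 2^64, so a huge amount plus
// a small margin becomes a small number and the balance test passes.
bool can_spend_unchecked(uint64_t balance, uint64_t amount, uint64_t margin) {
    return balance >= amount + margin;
}

// Checked addition: returns false instead of wrapping.
bool checked_add(uint64_t a, uint64_t b, uint64_t* out) {
    if (a > UINT64_MAX - b) return false;
    *out = a + b;
    return true;
}

enum class Result { Ok, Overflow, Insufficient, OverCap };

// Hardened transfer: stop on overflow of amount + margin, stop on overflow
// of the credited balance, and reject a post-state balance above the cap.
// State is only written after every check has passed.
Result transfer_checked(uint64_t& from, uint64_t& to,
                        uint64_t amount, uint64_t margin) {
    uint64_t need = 0, credited = 0;
    if (!checked_add(amount, margin, &need)) return Result::Overflow;
    if (from < need) return Result::Insufficient;
    if (!checked_add(to, amount, &credited)) return Result::Overflow;
    if (credited > kMaxSupply) return Result::OverCap;
    from -= amount;
    to = credited;
    return Result::Ok;
}

int main() {
    uint64_t from = 10, to = 0;  // constructed balances
    std::printf("unchecked test passes: %d\n",
                can_spend_unchecked(from, UINT64_MAX, 5));
    std::printf("checked result code: %d\n",
                static_cast<int>(transfer_checked(from, to, UINT64_MAX, 5)));
    return 0;
}
```

The cap check is a second line of defence: even if some other arithmetic path is missed, a resulting balance above the total supply is refused.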

The latest smartbchd 0.4.7 is the patched version. If you have not updated your node's binary, please update it.

To show our appreciation to pwningpwnwpnw the whitehat and to thank him for protecting the smartBCH sidechain, we the dev team would like to reward him with 150 BCH. We only got 1000 BCH in our 2021 flipstarter, so this is the best we can do.

But these 150 BCH cannot match pwningpwnwpnw's contribution. We hereby call on the BCH and smartBCH supporters to donate more BCH as pwningpwnwpnw's reward. Your donations will show the community's unity and strength. Please kindly send your donations to the whitehat's addresses: 0x1Aa2FC6E54838C5b1a8d5bD052484De56D485822 and bitcoincash:qretmzu6nrs2cc88kw053jw7lsru57qteue7a3s6my.

Some BCH enthusiasts are going to set up a foundation to raise funds to boost the smartBCH ecosystem. They have promised that if they succeed, some of the raised funds will also be rewarded to pwningpwnwpnw, and a bug bounty program will be set up.

Thanks again to all the supporters. We will continue to develop smartBCH to make it a more secure and powerful chain.


Comments

Vulnerability scanning is an essential component of any effective cybersecurity strategy. It involves identifying potential weaknesses and flaws in your network or applications, and taking steps to address them before they can be exploited by hackers or cybercriminals. However, not all vulnerability scanning is created equal, and there are some important considerations to keep in mind when implementing this practice.

One key factor is the use of a reliable search engine for security intelligence. Tools like https://vulners.com/ provide access to a vast database of vulnerability information, including both known and potential threats. By utilizing this type of resource, organizations can more effectively prioritize their scanning efforts and ensure that they are addressing the most critical risks first. Of course, vulnerability scanning is just one part of a comprehensive security strategy, and it should be combined with other measures such as employee training, access controls, and ongoing monitoring and threat detection. By taking a holistic approach to cybersecurity, businesses can better protect themselves against the constantly-evolving landscape of cyber threats.

1 year ago