1 year ago
94
Vulnerability that allows infinite minting of tokens
Jump Crypto, which develops and invests in infrastructure in the Web3 area, reported on the 10th about a vulnerability discovered on the BNB chain provided by the major crypto asset (virtual currency) exchange Binance.
The discovered vulnerability allows a malicious person to mint arbitrary tokens without limit, and if exploited by any chance, it seems that there was a risk of leading to a large-scale illegal outflow of funds.
Jump Crypto notified the BNB Chain development team before going public about this issue. The BNB team then took immediate action and completed the fix within 24 hours. No exploitation of the vulnerability has been confirmed, and it looks like it’s just a hair’s breadth.
Binance CEO Changpong Zhao (CZ) also tweeted that he was “very grateful” for reporting the bug.
Many thanks to @jump_ for reporting this bug. They got a great security team. Really appreciate it. https://t.co/bqidp5X3Y2
— CZ 
Binance (@cz_binance) February 10, 2023
Vulnerability in beacon chains
The BNB chain consists of two blockchains. Ethereum Virtual Machine (EVM) compatible Smart Chain (BSC) and Beacon Chain (BC) built on top of Tendermint and Cosmos SDKs.
Jump Crypto said the vulnerability was found in its beaconchain, which has governance and staking functions.
The vulnerability allowed attackers to mint nearly unlimited BNB tokens during remittances. This means that the receiving account will be able to receive far more tokens than the amount originally set by the sender.
Jump Crypto explains that BeaconChain has made changes to the original Cosmos SDK by the BNB team, which they carefully investigated.
Specifically, the BNB team changed the data type “Coin” used by the Cosmos SDK to process assets to improve the performance of decentralized exchanges (DEX). This led to a vulnerability that allowed almost unlimited assets to be minted. The BNB team has conducted risk checks many times, but it seems that this vulnerability has been overlooked.
BNB team took notice and fixed it. The setting is completed so that the transaction itself will not be established if there is an excessive minting of assets.
Felix Wilhelm, Vulnerability Researcher at Jump Crypto, commented:
A bug that allows infinite minting of native tokens is one of the most significant vulnerabilities in Web3. This discovery shows that we must all stay vigilant and work together to increase security assurance in all projects.
What is Web3
The current centralized web is defined as Web2, and refers to an attempt to realize a non-centralized network using blockchain. A typical feature is the use case of decentralized networks such as blockchain, such as access to dApps using virtual currency wallets.
Cryptocurrency Glossary
Illegal casting in the past
In October 2022, the BNB chain is performing a hard fork upgrade called Moran. It was an upgrade to strengthen security after an unauthorized leak occurred. Although users’ assets were not affected by this leak, the attackers exploited a bug in the cross-chain bridge to fraudulently mint and steal BNB.
connection: BNB chain implements hard fork Strengthening security of illegal outflow receiving bridge
What is cross chain
It refers to the technology that straddles blockchains with different standards and specifications and connects them.
Cryptocurrency Glossary
The post BNB Chain Fixes ‘Serious Vulnerability’ With Infinite Casting Risk appeared first on Our Bitcoin News.
English (US) ·