30s Summary
A web security expert identified a significant bug in the Evmos blockchain that could have halted its operations, earning a $150,000 reward. The expert, known as ‘jayjonah.eth’, found the lead in the Cosmos Network’s manual under ‘module accounts’: transferring funds into these accounts by a non-standard process could disrupt the network. Demonstrating this during a test run caused the Evmos blockchain to break down completely. Evmos repaired the issue before public disclosure.
Full Article
A web security expert bagged $150,000 for catching a crucial glitch in the Evmos blockchain that could have stopped its operations and all the decentralized applications (DApps) running on it, just by thoroughly reading the Cosmos Network manual.
The expert, who goes by the alias ‘jayjonah.eth’, landed this hefty prize after participating in the Evmos Bug Bounty Program, which kicked off in November 2022. The issue was caught by understanding a particular term mentioned in the Cosmos manual – “module accounts”. According to the manual, any deposit of funds into these accounts that does not follow the system’s set rules could disrupt the entire network.
Wanting to see if this could really be the case, ‘jayjonah.eth’ experimented by transferring funds into a module account during a test run. Surprisingly, the chain halted completely, bringing down the Evmos blockchain and all DApps built on it. Fortunately, the Evmos team was able to fix the issue before it was publicly disclosed.
Because of this incredible find, ‘jayjonah.eth’ was awarded the maximum amount for catching such a major vulnerability. The accomplishment also serves as a reminder to all security researchers to pay close attention to project manuals, as the simplest bugs can sometimes wreak the most chaos.
Bug bounty programs not only help projects reduce the risk of cyberattacks but also help limit the losses if a hack does happen. For example, last September, Shezmu was able to get back nearly $5 million in stolen cryptocurrencies by negotiating a higher bounty with the hacker. While Shezmu initially offered the hacker a 10% reward and asked for the return of 90% of the stolen funds within 24 hours, the hacker demanded a 20% cut. Agreeing to the hacker’s terms allowed Shezmu to recover the remaining stolen funds.
Source: Cointelegraph