
White Hat Hacker Finds Major Vulnerability in Ethereum DApp Augur

 6 years ago
source link: https://www.tuicool.com/articles/hit/uaaMjyU

Dan Morehead, founder and CEO of the $1 billion crypto hedge fund Pantera Capital Management, said a while back that Augur was his favorite coin. Augur became hugely popular during the FIFA World Cup, but a white hat hacker has now found a vulnerability in it.

Augur was one of the very first Initial Coin Offerings on the Ethereum platform and is a decentralized prediction platform on which a person can purchase shares in the outcome they think will occur. Augur had a fantastic start, being one of the most successful ICOs of its time and raising almost $5.5 million in 2015. At one point, you could even bet on the murder of Donald Trump.

Despite Augur’s popularity, the dApp had a significant vulnerability. The bug was found, hopefully before anything was stolen, through the bug bounty platform HackerOne by Viacheslav Sniezhkov, who wrote the following description:

“A third-party site can include a hidden iframe which can override the “augur-node” configuration variable of a running augur application. This variable is persisted in localStorage. In the case of a browser page reload (user action or browser/OS crash), the normal “augur-node” web sockets endpoint will be replaced with the one provided by an attacker, so that all the markets data, addresses, and transactions can be masqueraded.” – Viacheslav Sniezhkov.

The bug would have allowed an attacker to inject fraudulent data into Augur’s interface, which could potentially lead to big losses of funds for the affected users. The bug was possible because only Augur’s core functionality is secured by the decentralized Ethereum blockchain; the user interface is a client application whose configuration, including the address of the “augur-node” backend it talks to, is stored locally in the user’s browser, where the blockchain offers no protection. An attacker could therefore set up a website with a hidden iframe that rewrites that stored endpoint, so that on the next reload the interface shows attacker-controlled market data and addresses, potentially tricking a user into sending funds to a hacker-controlled address.

Notably, the bug was not in Augur’s smart contracts, as was the case with The DAO and Parity. White hat hackers like this find bugs, help solve crucial security problems, and get rewarded for it. For reporting this bug, Sniezhkov received $5,000 from the Forecast Foundation, which oversees the Augur protocol. The bug has since been fixed.

It is currently not known whether the bug was ever exploited or whether any funds were stolen, but the Forecast Foundation recommends that all users upgrade to the latest version of the software.

Blockchain and cryptocurrencies are a relatively new phenomenon, and hacks occur now and then. Even Twitter has had to deal with thousands of attacks on the accounts of well-known crypto users, used to spread false updates. The technology is evolving, and the platforms are getting more secure every day.

Image Source: “Flickr”

