Celer, a cross-chain interoperability protocol, said Wednesday that it patched a vulnerability first disclosed by Jump’s crypto arm.
Blog posts published by Celer and Jump Crypto detailed a vulnerability in Celer’s State Guardian Network (SGN), a proof-of-stake blockchain that Celer uses to securely authorize transactions between different networks. If exploited, the vulnerability could potentially have allowed a malicious validator node to submit enough fraudulent “votes” about the state of the network to alter it.
Celer stressed that no funds were lost due to the bug’s existence. “The vulnerability was not publicly accessible, and no funds were at immediate risk at the time of discovery,” the team wrote.
Celer said that it would propose funding a bug bounty grant to Jump Crypto as a result of the discovery.
“Though the discovery is not covered by the existing bug bounty programs, we plan to raise a community proposal to grant the Jump Crypto team a retrospective bounty reward once we include the SGN codebase in the bug bounty programs in the coming months. Onward and forward,” the team wrote in its blog post.
Vulnerabilities are common in the DeFi world, as perhaps befits an ecosystem of experimental projects and protocols. So, too, are the inherent dangers; last weekend, a malicious attack resulted in the takeover of Tornado Cash’s governance DAO.
According to The Block Research, some $2.73 billion has been stolen from DeFi projects by malicious hackers.