Critical Security Flaw Could Have Shattered Avalanche (AVAX) Network
A critical security vulnerability that could have potentially crippled the Avalanche (AVAX) network was flagged earlier today.
The vulnerability was first identified by Ethereum team lead Peter Szilagyi. At the time, Avalanche was hosting over $9 billion in Total Value Locked (TVL) and had a market cap of $24 billion, according to DeFi Llama and Coingecko. The flaw has since been patched, and Ava Labs has declined to comment on the issue.
Publishing my #Avalanche vulnerability report from 29th March, 2022 that could have been used to take the entire network down at no cost.
— Péter Szilágyi (karalabe.eth) (@peter_szilagyi) September 8, 2022
The issue was fixed way back, and with the latest Avalanche hard fork, all nodes run the patched software.
Njoy :)https://t.co/nokedKF7IZ
Szilagyi’s report detailed the timeline of events and specifics about the security flaw. He discovered the vulnerability on March 29th and promptly suggested that Avalanche address the issue. The team responded and fixed the problem on the same day.
This was classified as a “remote node incident.” In simple terms, someone injected approximately $179,000 into an Avalanche node to send malicious PeerList packages (used for network communication) to other nodes, effectively bringing down the network.
The attacker could also have opted to deploy an unauthenticated node (connected only to a validator rather than all nodes in the network), achieving similar results but taking longer.
Szilagyi added:
“Avalanche’s network is quite vulnerable; even a single connection can take down a node. Since all nodes in the network are connected to all validators, this is a significant risk.”
If the attacker had funded a new validator to carry out the attack, they would have short-sold AVAX, even with the upfront cost of $179,000. This is because “the network would recover within a few hours, so no long-term value would be lost.”
In the context of the ongoing struggles in the crypto market, Avalanche faces another setback. Recently, a Crypto Leaks article exposed the platform’s clandestine operations and unveiled several other stark controversies.
Details: Avalanche Exposed for “Unfair Play” Against Rival Projects, Including Binance
Shortly after, the project’s founder officially refuted the “unfair play” accusations. On August 29th, AVAX experienced a sharp drop to $17.84 but has gradually recovered since then.
15-Minute AVAX/USDT Chart on Binance as of 11:15 AM on September 9, 2022
