A Web3 security researcher received $150,000 from the Cosmos Network for identifying a critical bug that could halt the Evmos blockchain and all its decentralized applications.
On Oct. 29, a Web3 security researcher from Spearbit with the username jayjonah.eth made an X post detailing a blog post he wrote about finding a bug in the Evmos blockchain that could have proved catastrophic to its operations.
His efforts were rewarded by the Cosmos Network with a $150,000 payout for identifying the vulnerability. He discovered the bug while participating in the Evmos Bug Bounty Program on the bug bounty platform Immunefi, which has been active since November 2022.
Importance of Crypto Bug Bounty Programs
A crypto bug bounty offers incentives to developers and researchers to help identify bugs and vulnerabilities within a system. This proactive approach helps maintain the security and stability of blockchain networks.
Discovered a $150,000 @EvmosOrg vulnerability on @immunefi just by reading the docs! Check out my latest write-up to see how paying attention to the basics led to a critical bug. @SpearbitDAO
In his blog post, the researcher explained that he came across the concept of "module accounts" while reviewing the Cosmos documentation, describing this review as "the first step" in identifying potential problems, as the documentation provides "the foundation" for understanding a blockchain.
He found a section in the documentation that read as follows:
"Typically, these addresses are module accounts. If these addresses receive funds outside the expected rules of the state machine, invariants are likely to be broken and could result in a halted network," wrote Evmos.
According to jayjonah.eth, this clause indicated that if users sent funds to module accounts, it could cause the blockchain to break. He then tested this by sending funds to the module accounts.
"At this point, no more blocks are being produced and the chain has completely halted. This breaks the Evmos blockchain and all the DApps built on it," he wrote.
He reported his findings to the Evmos team, receiving $150,000, the highest prize awarded for a "critical" level bug. The researcher emphasized that the bug was a "low-hanging fruit," simple yet easy to overlook.
"This bug taught me a few important things as a security researcher. The first, and most obvious, is to always thoroughly read the documentation of the project you're investigating," jayjonah.eth wrote.
Other Notable Bug Bounty Programs
Other projects have also launched bug bounties to help detect hidden threats in their systems. Last August, Layer3, a decentralized attention layer project, launched a bug bounty program in partnership with HackenProof, offering rewards of up to $500,000.
In July, Immunefi collaborated with the Ethereum Foundation to launch "Attackathon," an audit contest designed to challenge and enhance the Ethereum network's security.