CoinSharks

Jump Crypto Discovers Double-Voting Vulnerability in Celer’s SGN Protocol

by Max "The Mako"
May 25, 2023
in News, Bitcoin

Web3 investor and developer Jump Crypto has recently uncovered a significant vulnerability in Celer’s State Guardian Network (SGN), posing a potential threat to the network’s integrity and applications, including Celer’s cBridge.

In a detailed postmortem report, Jump Crypto revealed that a bug in the SGN EndBlocker code allowed validators to cast multiple votes on the same update. Exploiting this flaw, malicious validators could manipulate the voting process, effectively amplifying their voting power and potentially approving harmful or invalid updates. The report highlighted the issue, stating:

“The [EndBlocker] code is missing a check that prevents a validator from voting on the same update twice. A malicious validator could exploit this by voting multiple times on the same update, effectively multiplying their voting power and potentially tipping the vote in favor of an invalid or malicious update.”
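The missing check described in the report, shown as an added Go example (not code from Celer's SGN or from Jump Crypto's report): a tally that counts every vote beside one that counts each validator once per update and reports repeat voters. The `Vote` type, validator names, power values and the two-thirds threshold are assumptions made for illustration.

```go
package main

import "fmt"

// Vote is one validator's approval of a pending update (constructed model).
type Vote struct {
	Validator string
	UpdateID  uint64
}

// tallyNaive adds power for every vote seen, so repeats are counted again.
func tallyNaive(votes []Vote, power map[string]int64, id uint64) int64 {
	var sum int64
	for _, v := range votes {
		if v.UpdateID == id {
			sum += power[v.Validator]
		}
	}
	return sum
}

// tallyDeduped counts each validator once per update and lists repeat voters.
func tallyDeduped(votes []Vote, power map[string]int64, id uint64) (int64, []string) {
	var sum int64
	count := map[string]int{}
	repeats := []string{}
	for _, v := range votes {
		if v.UpdateID != id {
			continue
		}
		count[v.Validator]++
		switch count[v.Validator] {
		case 1:
			sum += power[v.Validator] // first vote: counted
		case 2:
			repeats = append(repeats, v.Validator) // flag once for alerting
		}
	}
	return sum, repeats
}

// passes uses a two-thirds threshold (assumed; the article gives no quorum).
func passes(yes, total int64) bool { return 3*yes > 2*total }

func main() {
	power := map[string]int64{"val-a": 40, "val-b": 35, "val-c": 25} // constructed
	votes := []Vote{{"val-c", 7}, {"val-c", 7}, {"val-c", 7}}
	yes, repeats := tallyDeduped(votes, power, 7)
	fmt.Println(passes(tallyNaive(votes, power, 7), 100), passes(yes, 100), repeats)
}
```

The returned list of repeat voters is the detection signal: a validator appearing there has submitted more than one vote on the same update and should be logged.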

Celer, a Cosmos-based blockchain facilitating cross-chain communication, underwent scrutiny from Jump Crypto after releasing portions of the off-chain SGNv2 code on GitHub. The vulnerability was privately disclosed to the protocol’s team, promptly patched, and no known malicious exploitation occurred.

According to the report, this vulnerability granted malicious validators a broad range of possibilities, including the ability to fabricate on-chain events like bridge transfers, message emissions, and staking and delegation activities within Celer’s main SGN contract.

To mitigate the impact, Celer implemented defensive measures to safeguard bridge funds. These include a delay triggered by the bridge contract for high-value transfers, a volume-control mechanism limiting the value of tokens extractable within a short timeframe, and an emergency halt of contracts in response to under-collateralization caused by malicious transfers.

Despite these safeguards, the report emphasized that the protocol remains partially vulnerable. Transaction limits apply on a per-chain and per-token basis, and given the extensive range of supported tokens and chains, an attacker could potentially extract tokens worth approximately $30 million before the contracts are halted, which is about 23% of Celer’s current total value locked.
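Why per-chain, per-token limits do not bound the total, as an added Go example (not Celer's bridge contract code): a windowed volume cap keyed by lane, plus the aggregate that can leave in one window when every lane is drained to its cap. The `Lane` and `Limiter` names, the one-hour window and the cap values are constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Lane is one independently limited (chain, token) pair (constructed model).
type Lane struct{ Chain, Token string }

// Limiter caps the value that may leave each lane within one window.
type Limiter struct {
	Window time.Duration
	Caps   map[Lane]uint64
	start  map[Lane]time.Time
	used   map[Lane]uint64
}

func NewLimiter(w time.Duration, caps map[Lane]uint64) *Limiter {
	return &Limiter{w, caps, map[Lane]time.Time{}, map[Lane]uint64{}}
}

// Allow records a transfer if it fits in the lane's current window.
func (l *Limiter) Allow(ln Lane, amount uint64, now time.Time) bool {
	if now.Sub(l.start[ln]) >= l.Window { // first use or window expired
		l.start[ln], l.used[ln] = now, 0
	}
	if amount > l.Caps[ln]-l.used[ln] {
		return false
	}
	l.used[ln] += amount
	return true
}

// WorstCase is what can leave in one window if every lane is drained to
// its cap: each lane is bounded, but the sum grows with the lane count.
func (l *Limiter) WorstCase() (total uint64) {
	for _, c := range l.Caps {
		total += c
	}
	return total
}

func main() {
	caps := map[Lane]uint64{{"chain-1", "TKN-A"}: 500, {"chain-1", "TKN-B"}: 300, {"chain-2", "TKN-A"}: 500}
	l := NewLimiter(time.Hour, caps) // constructed caps, arbitrary units
	now := time.Unix(1700000000, 0)
	fmt.Println(l.Allow(Lane{"chain-1", "TKN-A"}, 500, now), l.Allow(Lane{"chain-1", "TKN-A"}, 1, now), l.WorstCase())
}
```

Reviewing `WorstCase` against total value locked each time a chain or token is added shows how much exposure the per-lane caps actually leave before a halt.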

Importantly, the built-in mechanisms primarily protect Celer’s bridge contracts, leaving dApps built on top of Celer’s inter-chain messaging system fully exposed to these vulnerabilities by default.

While Celer offers a $2 million bug bounty program for vulnerabilities in its bridge, off-chain bugs such as the one discovered in the SGNv2 network are currently not covered. Jump Crypto has engaged in discussions with the protocol regarding the inclusion of the SGNv2 network in its bug bounty program, and the evaluation of a potential payout for Jump’s report is currently underway by Celer’s team.

 

All Rights Reserved. CoinSharks.
