Evmos pays $150,000 bounty for critical bug found by reading Cosmos documentation


A Web3 security researcher has been awarded $150,000 for reading Cosmos Network documentation and finding a critical bug that could stop the Evmos blockchain and all decentralized applications (DApps) built on top of it.

As part of the Evmos Bug Bounty program, which has been running since November 2022, Ysmuth Sperbit security researcher “jayjonah.eth” has received $150,000 for identifying vulnerabilities in the Evmos blockchain.

In a blog post published on October 28, he explained how the concept of “module tags” came up in the Cosmos documentation:

“If these addresses [module accounts] receive money from the state machine outside of the expected rules, the variables can be broken and cause an outage.”

Crash test Evmos blockchain based on Cosmos documentation

The security researcher tried to send money to the module account to test his theory:

“At this point, no more blocks are produced and the chain is completely stopped. This breaks the Evmos blockchain and all DApps built on top of it.”

The Evmos team said it had fixed the error before the data was made public.

Evmos bug bounty payment system. Source: Evmos

The researcher was awarded the highest level of pay for identifying a critical error. In conclusion, jayjonah.eth urges security researchers to read project documents, because “sometimes the most critical mistakes can be extremely simple.”

Source: jayjonah_eth

In addition to mitigating the risk of cyberattacks, projects use bug bounty programs as a tool to reduce losses during a hack.

Hacker negotiates bug bounty with Shezmu protocol.

In September, the protocol recovered nearly $5 million in stolen crypto in a deal with a hacker, after agreeing to the hacker's demand for a higher bounty.

Shezmu initially offered the hacker a 10% reward in an onchain message and demanded that 90% of the stolen money be returned to it within 24 hours.

Source: Shezmu

However, the hacker demanded 20 percent of the stolen money as a reward. The protocol agreed and received the rest of the stolen money.
