Home>EXCHANGES>Vulnerability Found and Patched in Libra Script
EXCHANGES

Vulnerability Found and Patched in Libra Script



The Libra open-source scripting language Move featured a vulnerability which would have allowed hackers to manipulate the network’s smart contracts.

The bug was discovered by the OpenZeppelin blockchain security firm. OpenZeppelin also provides its services to other leading crypto businesses including Coinbase, Brave browser, and the Ethereum Foundation.

The Libra team quickly patched the bug once the firm revealed its findings.

The Move scripting language allows programmers to define custom resource types, in which a resource cannot be copied or erased, but only have their storage locations changed. The vulnerability was present in Move’s intermediate representation language compiler which allowed the manipulation of inline comments, through which malicious code could have been propagated through the network.

“As cryptocurrency continues to grow in popularity, it is vital for companies to audit and ensure that their networks are secure. Libra is groundbreaking, and it’s great how they involve the community by open-sourcing their code early in the process. Because of this, we were able to find this vulnerability before the Libra network went live, averting potentially damaging effects. Our team shared several exploit scenarios with the Libra team that illustrated why they needed to address this issue quickly.” – said Demian Brener, the company’s CEO.

OpenZeppelin provided more details on their blog, including the scenarios in which the code could have been exploited by bad actors:

 “The potential impact of the vulnerability can vary greatly and depend on i) the business logic of each specific module and its use cases, ii) current and future features of the Move IR language, and iii) the developer platform being used to submit bytecode to the Libra network. Some potential exploiting scenarios one can think of are:

  • A faucet that mints assets (Libra Coins or any other asset on the Libra network) in exchange for a fee can deploy a malicious module that takes a fee but never actually provide the possibility of minting such asset to the user.
  • A wallet that claims to keep deposits frozen and release them after a period of time may actually never release such funds.
  • A payment splitter module that appears to divide some asset and forward it to multiple parties may actually never send the corresponding part to some of them.
  • A module that takes sensitive data and applies some kind of cryptographic operation to obscure it (e.g. hashing or encrypting operations) may actually never apply such operation.”

The post also features the timeline of the Libra team and how it responded to the audits. The team moved relatively fast and introduced a patch to prevent the use of the vulnerability.

So far, there have been little details provided on Libra’s smart contracts, aside from the fact that they are programmable.

Featured Image: The Register

 

source: https://coindoo.com/vulnerability-found-and-patched-in-libra-script/

TheBitcoinNews.com is here for you 24/7 to keep you informed on everything crypto. Like what we do? Tip us some Satoshi with the exciting new Lightning Network Tippin.me tool!

Post source: Vulnerability Found and Patched in Libra Script

More Bitcoin News and Cryptocurrency News on TheBitcoinNews.com



  • Bitcoin
  • Ethereum
  • Bitcoin cash
  • Litecoin
  • Cardano
  • Dash
  • Stellar
  • Ethereum classic
  • Lisk
  • Tron
  • Neo
  • Qtum
  • Omisego
  • Binance coin
  • Zcash
Scan to Donate Bitcoin to 1J6PGL1oemFb3hxabLygq4WgWx8cbfji1r

Please help us if you can with some Bitcoin

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0xA8E701dd11280a98e8F2e0A14064AC829E32D50F

Please help us if you can with some Ethereum

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Bitcoin cash to qrth4e0g93h3gpxex8ycwuxtsa332tha5qvkmlz0g5

Please help us if you can with some Bitcoin cash

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Litecoin to LTxxjySMDtERJhHYJ99UFW9AamAWTwCAZ4

Please help us if you can with some Litecoin

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Cardano to DdzFFzCqrhsopoZLhbouUwh2NvvWMPeFrXQW9vNNpPKrjKbRGyLRN5joJgCeZ6e1MRHtPHeLffpkNpQs5AdDA8qFCZ4gA9bYtaerNQTk

Please help us if you can with some Cardano

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Dash to XmAdEHrwiVZJVkAxe8hK5U6HZB59L5yhmK

Please help us if you can with some Dash

Scan the QR code or copy the address below into your wallet to send some Dash

Scan to Donate Stellar to GD4KROE42HPOMT7BT6M27HHLFCOSIXPYY2V3WSCX5FYEWRJDIJQ4RWFT

Please help us if you can with some Stellar

Scan the QR code or copy the address below into your wallet to send some Stellar

Scan to Donate Ethereum classic to 0x5BF3fCAC8deA20CF21C9D0D9d058E00EEfc431Ae

Please help us if you can with some Ethereum classic

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Scan to Donate Lisk to 15642042552518336132L

Please help us if you can with some Lisk

Scan the QR code or copy the address below into your wallet to send some Lisk

Scan to Donate Tron to TYnAenRiV6BsTiE6FVyAcDDxZtBKUQTFxN

Please help us if you can with some Tron

Scan the QR code or copy the address below into your wallet to send some Tron

Scan to Donate Neo to ATiXRHVqYqrNktbxJfcDETfnrSUWSG4cPb

Please help us if you can with some Neo

Scan the QR code or copy the address below into your wallet to send some Neo

Scan to Donate Qtum to QUYXxY6kX7TY2HSLwVYMwFaJNZLwvX5uyp

Please help us if you can with some Qtum

Scan the QR code or copy the address below into your wallet to send some Qtum

Scan to Donate Omisego to 0xA8E701dd11280a98e8F2e0A14064AC829E32D50F

Please help us if you can with some Omisego

Scan the QR code or copy the address below into your wallet to send some Omisego

Scan to Donate Binance coin to 0xA8E701dd11280a98e8F2e0A14064AC829E32D50F

Please help us if you can with some Binance coin

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Zcash to t1cBCyKgSSqWaNrkpvQZUSTuxMmAbbAyFpZ

Please help us if you can with some Zcash

Scan the QR code or copy the address below into your wallet to send some Zcash



Source link

Review Overview

Summary