A white hat hacker has found a vulnerability in the decentralized prediction market Augur, the longest-running decentralized application (dApp) built on the Ethereum platform.
Security researcher Viacheslav Sniezhkov disclosed the bug through the bug bounty platform HackerOne. The vulnerability could allow an attacker to inject corrupted data into the Augur user interface, which could cause users to lose funds.
The attack was made possible by Augur's core design: an uncensorable prediction market that lets users bet on the outcome of any event, secured by the decentralized Ethereum blockchain, with the UI configuration stored locally on the user's computer.
As a result, an attacker could set up a fake website serving a hidden iframe that, unbeknownst to the user, changes the configuration settings kept in those local files so that the Augur UI serves fraudulent data, ultimately tricking users into sending funds to an attacker-controlled address.
Note that, unlike the high-profile Parity and DAO incidents, the bug was not in the Augur smart contract. The vulnerability is nevertheless serious.
“A third-party site can include a hidden iframe which can override the 'augur-node' configuration variable of a running augur application. This variable is persisted in localStorage. In the case of browser page reload (user action or browser/OS crash), the normal 'augur-node' web sockets endpoint will be replaced with the one provided by the attacker so that all the markets data, addresses, and transactions can be masqueraded.”
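The defensive counterpart to the bug described in the report is to treat a configuration value read back from localStorage as untrusted input and validate it before connecting. The following is an added example and not Augur's own code; the default endpoint, the allowlist of hosts and the in-memory storage stand-in are assumptions made for illustration.

```javascript
// Added example, not Augur's own code. Reads a websocket endpoint that has been
// persisted in localStorage and refuses to use it unless it passes validation,
// so that a value written by another page does not survive a reload unchecked.
const DEFAULT_ENDPOINT = "ws://127.0.0.1:9001"; // assumed default (placeholder)
const ALLOWED_HOSTS = new Set(["127.0.0.1", "localhost"]); // assumed allowlist
const STORAGE_KEY = "augur-node"; // the key named in the report above

// Minimal in-memory stand-in for window.localStorage so this runs outside a browser.
function createMemoryStorage(entries = {}) {
  const data = new Map(Object.entries(entries));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

// Decide which endpoint to connect to. Returns the endpoint, whether the stored
// value was rejected, and why. A rejected value is deleted so it cannot persist.
function resolveEndpoint(storage) {
  const stored = storage.getItem(STORAGE_KEY);
  if (stored === null) {
    return { endpoint: DEFAULT_ENDPOINT, rejected: false, reason: "unset" };
  }
  const reject = (reason) => {
    storage.removeItem(STORAGE_KEY); // purge the tainted setting
    return { endpoint: DEFAULT_ENDPOINT, rejected: true, reason };
  };
  let url;
  try {
    url = new URL(stored);
  } catch {
    return reject("unparseable");
  }
  if (url.protocol !== "ws:" && url.protocol !== "wss:") return reject("scheme");
  if (!ALLOWED_HOSTS.has(url.hostname)) return reject("host");
  if (url.username || url.password) return reject("credentials");
  return { endpoint: url.href, rejected: false, reason: "ok" };
}

// Constructed sample: a storage in which a foreign page has overwritten the key.
const tampered = createMemoryStorage({ [STORAGE_KEY]: "wss://attacker.example/ws" });
console.log(resolveEndpoint(tampered)); // rejected: true, reason: "host"
console.log(tampered.getItem(STORAGE_KEY)); // null: the bad value was removed
```

Logging the `rejected` result gives the client a cheap tamper signal: a stored endpoint that fails validation after a reload is exactly the condition the report describes.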
After several days of back and forth with Sniezhkov over the severity of the issue (whether it was merely a UI bug or something more dangerous), the Forecast Foundation, which manages the development of the Augur protocol, paid Sniezhkov $5,000 for reporting the vulnerability. The bug has since been fixed.
As of now, there is no indication that the exploit was used to steal users' money. The Forecast Foundation has nonetheless advised users to upgrade to the latest version of the software client, especially now that the vulnerability is public.
According to a report, two weeks before the dApp launched, the protocol's developers held a kill switch that could shut down the prediction market platform if a dangerous bug were discovered in the Augur smart contract. Since no critical bugs were found, the kill switch was destroyed and ownership was transferred to a burn address.