Blockchain-based predictions marketplace Augur is under fire after bounty hunters uncovered a significant security vulnerability that could potentially be used to siphon off millions of dollars.
In a report first published on HackerOne, a crowd-sourced ethical hacking platform that rewards users who detect bugs, ethical hacker droblin listed "Client-Side Enforcement of Server-Side Security" as a "Weakness" of the Augur protocol.
"User visits a link from the internet; an attacker replaces his Augur application data then-market data, Ethereum addresses, everything."
For a platform like Augur, which relies solely on correct data and collated information to function, this lapse in security is insurmountable.
The obvious question is how data can be manipulated when a blockchain is fundamentally immutable. The answer lies in Augur's decision to store a certain number of files on local servers belonging to the company.
While Augur's blockchain is fully intact and working well, hackers have, or could have, manipulated the front end.
The security researcher lashed out at Augur in the comments on the HackerOne post after the company classified the hack under "Medium severity".
The researcher also explored the possible consequences of such bugs, after disagreeing with the Augur team's medium-severity classification.
"This stupid, simple, small and critical bug was found in Augur's bug bounty program, the one with very high bonuses for essential bugs and meager expectations for such bugs being actually found."
There may be a few malevolent aspects to Augur's platform, courtesy of the decentralized, open-for-all, censor-free derivatives markets.
Augur: Fake Data Loophole Discovered by Bounty Hunter
Posted on Aug 9, 2018
by Cryptoslate | Posted in Coinage