Augur: Fake Data Loophole Discovered by Bounty Hunter

Posted by Cryptoslate

Blockchain-based prediction marketplace Augur is under fire after bounty hunters uncovered a significant security vulnerability that could potentially be used to siphon off millions of dollars.

First published on HackerOne, a crowd-sourced ethical hacking platform that rewards users who find bugs, the post by ethical hacker droblin listed "Client-Side Enforcement of Server-Side Security" as a "Weakness" of the Augur protocol.

"User visits a link from the internet; an attacker replaces his Augur application data then: market data, Ethereum addresses, everything."

For a platform like Augur, which relies solely on correct data and collated information to function, this lapse in security is insurmountable.

The obvious question is how data can be manipulated at all when a blockchain is fundamentally immutable; the answer lies in Augur's decision to store a certain number of files on servers belonging to the company rather than on-chain.

While Augur's blockchain is fully intact and working well, hackers have, or could have, manipulated the front end.

The security researcher blasted Augur in the comments on the HackerOne post after the company classified the bug as "Medium severity".

The researcher also explored the possible consequences of such a bug, having disagreed with the Augur team's medium-severity classification.

"This stupid, simple, small and critical bug was found in Augur's bug bounty program, the one with very high bonuses for essential bugs and meager expectations for such bugs being actually found."

There may be a few malevolent aspects to Augur's platform, courtesy of the decentralized, open-for-all, censor-free derivatives markets.