{"id":35589,"date":"2022-09-08T16:51:15","date_gmt":"2022-09-08T20:51:15","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=35589"},"modified":"2024-04-10T23:17:06","modified_gmt":"2024-04-11T03:17:06","slug":"peter-szilagyi-ethereums-lead-developer-salvaged-avalanches-24b-ecosystem","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/peter-szilagyi-ethereums-lead-developer-salvaged-avalanches-24b-ecosystem\/","title":{"rendered":"P\u00e9ter Szil\u00e1gyi Ethereum’s lead developer salvaged Avalanche’s $24B ecosystem"},"content":{"rendered":"\n

P\u00e9ter Szil\u00e1gyi discovered a flaw in Avalanche's PeerList package on March 29, 2022<\/h3>\n\n\n\n
\"Avalanche\"
Peter Szilagyi Ethereum's lead developer salvaged Avalanche's $24B ecosystem<\/figcaption><\/figure>\n\n\n\n

P\u00e9ter Szil\u00e1gyi, an Ethereum <\/a>developer, has published a vulnerability report explaining how a fault he discovered in Avalanche would have brought down the entire network.<\/p>\n\n\n\n

P\u00e9ter Szil\u00e1gyi discovered a vulnerability in Avalanche's PeerList package on March 29, 2022, which a bad actor might have easily exploited. The Avalanche developer team swiftly patched the issue once he contacted them.<\/p>\n\n\n\n

\n

Publishing my #Avalanche\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> vulnerability report from 29th March, 2022 that could have been used to take the entire network down at no cost.

The issue was fixed way back, and with the latest Avalanche hard fork, all nodes run the patched software.

Njoy \ud83d\ude42https:\/\/t.co\/nokedKF7IZ<\/use><\/svg><\/span><\/a><\/p>— P\u00e9ter Szil\u00e1gyi (@peter_szilagyi) September 8, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

PeerList's flaw<\/h3>\n\n\n\n

The Avalanche <\/use><\/svg><\/span><\/a>network interacts using a PeerList package that can only be transmitted by validating nodes. <\/p>\n\n\n\n

explained that an attacker may exploit the vulnerability by staking the 2,000 AVAX tokens required to be a validator node and sending a malicious PeerList package to network nodes.<\/p>\n\n\n\n

Szil\u00e1gyi clarified;<\/p>\n\n\n\n

Since all nodes in the network connect to all validators, it\u2019s pretty much an insta-death for the entire network.<\/strong><\/p><\/blockquote>\n\n\n\n

He also added;<\/p>\n\n\n\n

The price is of course 2000AVAX, but I kind of find that acceptable since a nice short would net a sweet profit and the network would rebound anyway after a few hours so no long term value lost in the malicious validator.<\/strong><\/p><\/blockquote>\n\n\n\n

As of March 2022, it was estimated that the market capitalization of the Avalanche network exceeded $24 billion. <\/p>\n\n\n\n

If the vulnerability had been exploited by an adversary, the ecosystem would have collapsed catastrophically.<\/p>\n\n\n\n

Avalanche's Bug War<\/h3>\n\n\n\n

During the February 2021 introduction of the DeFi protocol Pangolin on Avalanche, the network encountered a “cross-chain finality” flaw that pushed it into “self-healing mode.”<\/p>\n\n\n\n

Some validators on Avalanche accepted invalid mint transactions as a result of a high network load. As a result, the network was forced to suspend all transactions for hours. <\/p>\n\n\n\n

The developers applied a quick fix and processed all pending transactions.<\/p>\n","protected":false},"excerpt":{"rendered":"

P\u00e9ter Szil\u00e1gyi discovered a flaw in Avalanche’s PeerList package on March 29, 2022 P\u00e9ter Szil\u00e1gyi, an Ethereum developer, has published a vulnerability report explaining how a fault he discovered in Avalanche would have brought down the entire network. P\u00e9ter Szil\u00e1gyi discovered a vulnerability in Avalanche’s PeerList package on March 29, 2022, which a bad actor […]<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[132],"class_list":["post-35589","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/35589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=35589"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/35589\/revisions"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=35589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=35589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=35589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}