According to a recent social media post from CertiK, a blockchain security platform, a critical security vulnerability was identified in the Wormhole bridge on the Aptos network. CertiK stated that if left undetected, this flaw could cause losses amounting to $5 million.
Read more: Can the GME Token Reach a New All-Time High?
Fortunately, CertiK uncovered the bug and promptly reported it to the Wormhole team before any exploitation could occur. Following this discovery, the vulnerability has been successfully patched, ensuring that the Wormhole bridge is no longer susceptible to exploitation.
Aptos is a blockchain network renowned for utilising the MOVE programming language, originally developed by Facebook for the Libra project. MOVE advocates argue that it offers superior safety features for writing smart contracts compared to Ethereum’s Solidity and other alternatives. This unique attribute positions Aptos as a promising platform for developers seeking enhanced security and reliability in their blockchain projects.
Read more: Roaring Kitty (ROAR): A Recent Surge Sparks Debate - Is It the Next Dogecoin?
What Went Wrong with the Wormhole Bridge's Security
CertiK's report, shared via a video, detailed that the security flaw stemmed from an incorrect implementation of the 'public(friend)' and 'entry' modifiers in the MOVE programming language. The 'public(friend)' modifier allows a function to be called by other functions within the same module or by external accounts specified on a “friends list,” while restricting other callers. In contrast, the 'entry' modifier permits any external account to call the function.
Wormhole Aptos exploit timeline | Source: CertiK
The Wormhole bridge included 'publish_event,' designed to announce events such as token transfers. This function was meant to be callable only by other functions within the same module or by specific external entities. However, in the bridge version examined by CertiK, the 'publish_event' function was incorrectly modified with both 'public(friend)' and 'entry' modifiers. This mistake allowed any external account to call 'publish_event,' regardless of approval.
Read more: Web3 & AI Integration and $7.5 Billion Token Merger in Crypto AI Alliances
This flaw allowed attackers to create fraudulent transactions that transferred tokens between accounts without actual token movement. Such false "events" could have led the Ethereum version of the bridge to mint or unlock tokens without real deposits on the Aptos side. Consequently, an attacker could have potentially drained up to $5 million from the bridge, as highlighted by CertiK.
Quick Response by Wormhole Team Secures Platform Against New Exploit
On December 5, 2023, CertiK informed the Wormhole team about the discovered flaw. After receiving the report, the Wormhole team investigated the issue and developed and tested a patch to close the security loophole. They then informed the protocol’s Guardians about the issue. The Guardians approved the patch through a multi-signature vote, leading to upgrading the protocol’s Aptos contract with the new code. Fixing the flaw took approximately three hours after it was reported, ensuring that the new bridge version is no longer vulnerable to this exploit.
The patch removed the 'entry' keyword from the publish_event function. It restricted the value of the “governor rate limits” on Aptos from $5 million to $1 million, thereby preventing withdrawals of more than $1 million per day. CertiK says current usage is below $1 million per day, so this new rate limit should not affect most users. Additionally, Wormhole conducted a retrospective analysis to ensure no user funds were compromised, confirming that all balances remained safe.
Despite this successful intervention, Wormhole has faced security challenges in the past. In 2022, a bug in the Solana part of the bridge led to the loss of over $321 million when an attacker minted unbacked tokens. However, the Wormhole team patched the bug and compensated the affected users. In January, Wormhole reclaimed $1 billion in total value locked for the first time since the incident, indicating improved security practices and restored user confidence.
Read more: Will the AMC Token Go As High as the Stocks?
How It Will Impact the Price
The swift resolution of a critical security flaw in the Wormhole bridge on the Aptos network is likely to positively impact the price of related assets. CertiK’s timely discovery and Wormhole’s rapid response, fixing the issue within three hours, demonstrate a strong commitment to security, boosting investor confidence.
The new patch removed the flawed 'entry' keyword and restricted daily withdrawals to $1 million, further enhancing security without disrupting regular operations. Additionally, Wormhole’s retrospective analysis confirmed no user funds were compromised, strengthening trust in the platform.
Read more: Solana Price Stalls After Brief Surge, Meme Coins Back in the Spotlight
Despite Wormhole’s past security challenges, such as the 2022 breach on the Solana bridge, their effective handling of recent issues and regained user confidence suggest improved security practices. Overall, these actions are likely to reassure investors and attract more participation, positively influencing the price of assets within the Aptos ecosystem.
See more: Cryptocurrency Prices and Market Cap
Website: https://www.bitrue.com/
Sign Up: https://www.bitrue.com/user/register
Disclaimer: The views expressed belong exclusively to the author and do not reflect the views of this platform. This platform and its affiliates disclaim any responsibility for the accuracy or suitability of the information provided. It is for informational purposes only and not intended as financial or investment advice.