Ethereum lead developer saved Avalanche from over $24B ecosystem crash

Ethereum developer Péter Szilágyi has released a vulnerability report detailing how a bug he found in Avalanche would have crashed the entire network.

Péter Szilágyi on March 29, 2022, identified a bug in Avalanche’s PeerList package which would have been easily exploited by a malicious actor. He reached out to Avalanche’s developer team and they promptly patched the vulnerability.

The PeerList vulnerability

The Avalanche network communicates using a PeerList package that can only be sent by node validators. Szilágyi explained that the vulnerability was such that all an attacker needed was to stake 2000 AVAX tokens required to be a validator node and send out a malicious PeerList package to nodes on the network.

Szilágyi explained:

“Since all nodes in the network connect to all validators, it’s pretty much an insta-death for the entire network.”

He added:

“The price is of course 2000AVAX, but I kind of find that acceptable since a nice short would net a sweet profit and the network would rebound anyway after a few hours so no long term value lost in the malicious validator.”

As of March 2022, the market capitalization of the Avalanche network was estimated at over $24 billion. The crash of the ecosystem would have been fatal if a malicious attacker had hijacked the vulnerability.

Avalanche’s battle with bugs

During the launch of the DeFi protocol Pangolin on Avalanche in February 2021, the network suffered a “cross-chain finality” bug that forced it to enter a “self-healing mode.”

Avalanche experienced a heavy network load that caused some validators to accept some invalid mint transactions. Consequently, the network had to halt all transactions for hours. The developers quickly patched the issue and completed all pending transactions.

Source: https://cryptoslate.com/ethereum-lead-developer-saved-avalanche-from-over-24b-ecosystem-crash/