April 21, 2025

Aurora Labs paid white hat hackers $2 million for two bugs they found

  • September 3, 2022

In June 2022, the Aurora Labs team received two bug reports that identified critical vulnerabilities. It paid the authors of the reports the maximum prize: $1 million each in Aurora (AURORA) coins. This was reported on the team's blog.

The first vulnerability concerns the logic of the NEAR Rainbow Bridge, the cross-chain bridge that transfers assets between Ethereum and Aurora via NEAR. An attacker could trick the Aurora Engine into producing a fake proof of coin burn, supply it to the bridge, and steal the funds from the vault.

Aurora Labs has barred Aurora Engine from extracting data that resembles a proof of burn. The team continues to work on a long-term and more robust proof-of-balance solution.

The second vulnerability concerns the transfer of tokens from Ethereum to Aurora. An attacker could send bundled tokens to the buyer and charge the buyer a commission of up to 18.4 ETH.

As the developers intended, this commission made it possible to transfer tokens from Ethereum to Aurora via Rainbow Bridge without connecting a NEAR wallet. However, until the vulnerability was discovered, the fee was unavailable because bridge operations were subsidized by the Aurora validator in NEAR. Aurora Labs has prohibited setting the commission value above zero.

Aurora is an EVM blockchain based on the NEAR protocol. It is developed by Aurora Labs, which includes the creators of NEAR. More than 185 projects have migrated to Aurora or announced a migration: 1inch, SushiSwap, DAI, Brave and others.

In April 2022, Aurora Labs launched a bounty program to find vulnerabilities in the protocol, smart contracts, and application sites. The reward amount ranges from $1,000 to $1 million, depending on the threat level.

Recall that on August 20, a hacker unsuccessfully attacked the NEAR Rainbow Bridge and lost 5 ETH.

Source: Fork Log
