Critical flaw found in Aptos blockchain network
Researchers from Singapore-based Numen Cyber Labs have discovered and shared details on a vulnerability in the Move virtual machine responsible for powering the Aptos blockchain network.
Aptos, one of the newest blockchain networks, launched its mainnet on October 17, 2022, and has its roots in the Diem stablecoin payment system proposed by Meta.
The Aptos network is based on a platform-agnostic programming language called Move. Move is a Rust-based system specifically designed to implement and execute smart contracts in a secure runtime environment known as the Move Virtual Machine (MoveVM). The vulnerability in Aptos’ Move Virtual Machine could cause Aptos nodes to crash, resulting in a denial of service.
The flaw is compared to an integer overflow vulnerability in the stack-based Web3 programming language, which also causes system crashes. In the case of the Move flaw, Numen Cyber Labs has shown that it is rooted in the Move language’s verification module (“stack_usage_verifier.rs”), a component responsible for validating bytecode instructions before executing them in MoveVM.
“Since this vulnerability occurs in the Move execution module, for nodes on the chain, if the bytecode code is executed, it will cause a [Denial-of-Service] attack. In severe cases, the Aptos network can be completely stopped, which will cause incalculable damage and have a serious impact on the stability of the node,” explained Numen Cyber Labs.
For context, Aptos was founded by former Meta employees Mo Shaikh, its CEO, and Avery Ching, its CTO, to solve the problems that decentralized systems currently face. Aptos is trying to optimize existing solutions and also introduce revolutionary ones. The desired end result is a scalable, decentralized, security-intensive and super-cheap blockchain network without downtime.
It claims to offer a scalable, speed-oriented system that handles transaction transmission, block data ordering, and data storage in parallel to save time.
The blockchain network is valuable in that it offers smart contracts backed by a system that detects vulnerabilities and warns users of malicious and underwhelming smart contracts.
The sources for this piece include an article in TheHackerNews.