Critical flaw found in Aptos blockchain network

Obanla Opeyemi

November 3, 2022 - TuxCare expert team

Researchers from Singapore-based Numen Cyber Labs have discovered and shared details on a vulnerability in the Move virtual machine responsible for powering the Aptos blockchain network.

Aptos, one of the newest blockchain networks, launched its mainnet on October 17, 2022. It has its roots in the Diem stablecoin payment system proposed by Meta.

The Aptos network is based on a platform-agnostic programming language called Move. Move is a Rust-based system specifically designed to implement and execute smart contracts in a secure runtime environment, known as the Move Virtual Machine (MoveVM). The vulnerability in Aptos' Move Virtual Machine could cause Aptos nodes to crash, resulting in denial of service.

The flaw is compared to an integer overflow vulnerability in the stack-based Web3 programming language, which also causes system crashes. In the case of the Move flaw, Numen Cyber Labs has shown that it is rooted in the Move language’s verification module (“stack_usage_verifier.rs”), a component responsible for validating bytecode instructions before executing them in MoveVM.

“Since this vulnerability occurs in the Move execution module, for nodes on the chain, if the bytecode code is executed, it will cause a [Denial-of-Service] attack. In severe cases, the Aptos network can be completely stopped, which will cause incalculable damage and have a serious impact on the stability of the node,” explained Numen Cyber Labs.

For clarification, Aptos was founded by former Meta employees Mo Shaikh, now CEO of Aptos, and Avery Ching, its CTO, to solve the problems that decentralized systems are currently facing. Aptos is trying to optimize existing solutions and also introduce revolutionary solutions. The desired end result is a scalable, decentralized, security-intensive and super-cheap blockchain network without downtime.

It claims to offer a scalable, speed-oriented system that handles transaction transmission, block data ordering, and data storage in parallel to save time.

The blockchain network is valuable in that it offers smart contracts using a detection system that detects vulnerabilities and warns users of malicious and underwhelming smart contracts.

The sources for this piece include an article in TheHackerNews.
