|
Title: Vulnerability found on Argent Ethereum wallet Post by: cryptomaniac_xxx on June 22, 2020, 10:51:12 AM According to OpenZeppelin, they discovered a bug that could have led to users losing their money.
Quote Summary A high-severity vulnerability in the Argent wallet would have allowed attackers to take over wallets with no guardians. User action would have been needed to prevent the takeover attack in less than 36 hours, which then would have opened an alternative Denial of Service (DoS) attack vector with potential to indefinitely freeze their funds. Our initial analysis reported 329 wallets at immediate risk in mainnet, with nearly 162 ETH in total holdings, plus additional quantities of tokens and DeFi holdings. Additionally we identified 5513 wallets with no guardians which would become vulnerable as soon as they upgraded to the latest version of Argent’s contracts, although Argent reports the majority of these are inactive and should not be considered Argent users. Upon our private disclosure of the vulnerability to Argent, immediate action from their team and affected users was required to keep funds safe. https://blog.openzeppelin.com/argent-vulnerability-report/ Good news is that the bug was discovered before cyber criminals can take advantage of it. So let's see when Argent are going to fix this high vulnerable bugs. Title: Re: Vulnerability found on Argent Ethereum wallet Post by: casperBGD on June 22, 2020, 10:54:54 AM According to OpenZeppelin, they discovered a bug that could have led to users losing their money. Quote Summary A high-severity vulnerability in the Argent wallet would have allowed attackers to take over wallets with no guardians. User action would have been needed to prevent the takeover attack in less than 36 hours, which then would have opened an alternative Denial of Service (DoS) attack vector with potential to indefinitely freeze their funds. Our initial analysis reported 329 wallets at immediate risk in mainnet, with nearly 162 ETH in total holdings, plus additional quantities of tokens and DeFi holdings. Additionally we identified 5513 wallets with no guardians which would become vulnerable as soon as they upgraded to the latest version of Argent’s contracts, although Argent reports the majority of these are inactive and should not be considered Argent users. Upon our private disclosure of the vulnerability to Argent, immediate action from their team and affected users was required to keep funds safe. https://blog.openzeppelin.com/argent-vulnerability-report/ Good news is that the bug was discovered before cyber criminals can take advantage of it. So let's see when Argent are going to fix this high vulnerable bugs. interesting, it is good thing that this is discovered prior to hack, hopefully Argent will get everything right to avoid hacks in the future, we will see |