Aurora, an Ethereum Virtual Machine (EVM) compatible scaling and bridge solution built on top of the NEAR Protocol blockchain network, has completed the payment of a $2 million bug bounty to a pair of whitehat hackers that reported vulnerabilities on the platform back in June.
According to a blog post written by ImmuneFi, a leading web 3 bug bounty platform that facilitated the transaction, the whitehat hackers will each receive $1 million worth of the platform's eponymously named native token streamed linearly over one year.
The vulnerabilities the hackers discovered related to Aurora's permissionless bridging functionality between NEAR Protocol and Ethereum. The first vulnerability was that the platform had a different ERC-20 (fungible token standard) called NEP-141. This would potentially allow an attacker to create worthless NEAR tokens, bridge them to Aurora, and then use them to withdraw ETH from the addresses of Aurora users.
The second bug had to do with the burn function of the bridge. It would have allowed an attacker to create a "fake burn event" on Aurora which could then be used to withdraw ETH from the protocol's reserve.
Both vulnerabilities have been fixed without any loss of funds to users, the blog post noted. The first report on the vulnerabilities was written by DeFi security firm Halborn.
"We would like to thank the anonymous whitehat for doing an amazing job and responsibly disclosing such an important bug. Big props also to the Aurora team who responded quickly to the report and patched it," ImmuneFi said in the post.
Not all cross-bridge blockchain platforms have been as lucky as Aurora in handling major vulnerabilities without loss of funds. According to a CNBC report in August, bridge protocols
Read more on cryptonews.com