A critical vulnerability in the Aptos MoveVM was found by Numen Cyber Technology. The Singapore-based cybersecurity solutions provider noticed the vulnerability and alerted the blockchain service so that it could be patched.
As per Numen’s report, the first critical vulnerability detected would have made the network susceptible to DoS attacks, leading to node instability. DoS attacks are known to slow down servers with innumerable requests and traffic.
The vulnerability in Aptos would have also made it easier for cyber-attackers to execute code that would have crashed its blockchain nodes. The vulnerability was found in the execution module of Move for nodes on the chain. Researchers noticed that when the bytecode was executed, it was vulnerable to a denial-of-service (DoS) attack. Such an attack could have impacted the stability of the node and could also have resulted in the Aptos network stopping completely.
After executing specific instruction codes twice, researchers found that the returned value was greater than the maximum value of u64. This resulted in data truncation. Moreover, the stack_size_increment value became 0x12d473012043c2c3b, which caused an integer overflow. Exploiting this flaw would have given the hacker added privileges while also disabling the validation checks.
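The truncation described above can be reproduced in a few lines of Rust. This is an added example, not code from Aptos or Numen: the `MAX_STACK` limit, the `StackError` type and both functions are hypothetical, and only the 0x12d473012043c2c3b value comes from the article. It shows how narrowing an oversized increment to u64 lets a size check pass, and how checked arithmetic rejects the same input.

```rust
// Added illustration: a simplified model, not Aptos MoveVM source code.
const MAX_STACK: u64 = 1024; // hypothetical limit chosen for this example

// Value reported in the article: 17 hex digits, one more than a u64 can hold.
const REPORTED: u128 = 0x12d473012043c2c3b;

#[derive(Debug, PartialEq)]
enum StackError {
    IncrementOverflow,
    SizeOverflow,
    LimitExceeded,
}

/// Bug pattern: narrow with `as`, add with wrapping arithmetic, then validate.
fn unchecked_size(current: u64, increment: u128) -> Result<u64, StackError> {
    let inc = increment as u64; // silently drops everything above bit 63
    let size = current.wrapping_add(inc); // silently wraps past u64::MAX
    if size > MAX_STACK {
        return Err(StackError::LimitExceeded);
    }
    Ok(size)
}

/// Hardened form: reject values that do not fit before the limit is tested.
fn checked_size(current: u64, increment: u128) -> Result<u64, StackError> {
    if increment > u64::MAX as u128 {
        return Err(StackError::IncrementOverflow);
    }
    let inc = increment as u64; // lossless after the range check above
    let size = current.checked_add(inc).ok_or(StackError::SizeOverflow)?;
    if size > MAX_STACK {
        return Err(StackError::LimitExceeded);
    }
    Ok(size)
}

fn main() {
    // Truncating the reported value keeps only its low 64 bits.
    println!("{:#x} -> {:#x}", REPORTED, REPORTED as u64);
    // Constructed input: 2^64 + 8 narrows to 8, so the limit check passes.
    let wide = (1u128 << 64) + 8;
    println!("unchecked: {:?}", unchecked_size(16, wide));
    println!("checked:   {:?}", checked_size(16, wide));
}
```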
The Aptos public blockchain was formed using Diem’s open-source code after Meta sold the latter. Diem, previously known as Libra, was a blockchain-based payment system. Blockchains enable cryptocurrency transactions. Aptos was made by former Facebook employees.
Move is a programming language that is used by Aptos. The security flaw was discovered in the virtual machine (VM) of Aptos, hence the name Aptos MoveVM. Aptos raised $200 million on March 15 through strategic investment and $150 million in a Series A funding round on July 25.