According to researchers from Singapore-based Numen Cyber Labs, who uncovered this security flaw, hackers can use it to conduct DoS attacks and cause Aptos nodes to crash.
Aptos is a new Layer 1 blockchain launched on October 18, 2022. Its main feature is “Parallel Execution” technology, which executes transactions in parallel to increase the throughput of the blockchain and the speed of operations. Its developers (Avery Ching and Mo Shaikh) were previously involved in the creation of the Diem wallet for Meta.
The network is built on the Move programming language, which allows smart contracts to be signed quickly and securely in a secure execution environment, the Move Virtual Machine (MoveVM).
The vulnerability discovered by researchers from Numen Cyber Labs lies in the Move verification module ("stack_usage_verifier.rs"), the component that checks bytecode instructions before they are executed in MoveVM. The flaw is an integer overflow in Move, which can lead to undefined behavior and therefore crashes.
As explained by Numen Cyber Labs, attackers can use this vulnerability to completely stop Aptos, which will cause enormous damage and have a serious impact on the stability of the node.
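An added illustration, not code from Aptos, Move or Numen Cyber Labs: a simplified Rust model of a per-block stack-usage check, showing how unchecked integer arithmetic lets a verifier accept malformed bytecode and how checked arithmetic turns the same input into an error. The `Instr` type, the `MAX_DEPTH` limit and the error names are assumptions, and the sample blocks are constructed.

```rust
// Simplified model of a per-block stack-usage check. All names and limits are
// assumptions for illustration; this is not the code in stack_usage_verifier.rs.
#[derive(Debug, PartialEq)]
enum VerifyError { NegativeStack(usize), TooDeep(usize), Unbalanced }

/// Constructed instruction summary: values popped, then values pushed.
#[derive(Clone, Copy)]
struct Instr { pops: u64, pushes: u64 }

const MAX_DEPTH: u64 = 1024; // assumed per-block limit

/// Weak form: wrapping arithmetic and a single check at the end of the block.
fn verify_wrapping(block: &[Instr]) -> Result<(), VerifyError> {
    let mut depth: u64 = 0;
    for i in block {
        depth = depth.wrapping_sub(i.pops).wrapping_add(i.pushes);
    }
    if depth == 0 { Ok(()) } else { Err(VerifyError::Unbalanced) }
}

/// Hardened form: every step is checked, so bad input yields an error value
/// instead of a wrapped counter or an arithmetic panic.
fn verify_checked(block: &[Instr]) -> Result<(), VerifyError> {
    let mut depth: u64 = 0;
    for (idx, i) in block.iter().enumerate() {
        depth = depth.checked_sub(i.pops).ok_or(VerifyError::NegativeStack(idx))?;
        depth = depth
            .checked_add(i.pushes)
            .filter(|d| *d <= MAX_DEPTH)
            .ok_or(VerifyError::TooDeep(idx))?;
    }
    if depth == 0 { Ok(()) } else { Err(VerifyError::Unbalanced) }
}

fn main() {
    // Constructed blocks: one well-formed, one that pops from an empty stack,
    // one whose push count would overflow a u64 counter.
    let good = [Instr { pops: 0, pushes: 2 }, Instr { pops: 2, pushes: 0 }];
    let underflow = [Instr { pops: 1, pushes: 1 }];
    let huge = [Instr { pops: 0, pushes: u64::MAX }, Instr { pops: 0, pushes: 1 }];
    for (name, b) in [("good", &good[..]), ("underflow", &underflow[..]), ("huge", &huge[..])] {
        println!("{}: wrapping={:?} checked={:?}", name, verify_wrapping(b), verify_checked(b));
    }
}
```

With a plain `+` or `-` in place of the wrapping calls, the same inputs would panic in a build with overflow checks enabled, which is how an arithmetic bug in a verifier becomes a node crash.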