link.png

ID:

avalanche-1159

Date:

Status:

Incident Count:

September 4, 2022

Near-Miss

1

info.png
target.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png

Audit By:

Audits:

Halborn

Loss Amount:

-

info.png

Recovered:

-

Rewards:

TBD

Currency:

USD

info.png

Avalanche is an open-source platform for launching decentralized applications and enterprise blockchain deployments in one interoperable, highly scalable ecosystem. Avalanche is the first decentralized smart contracts platform built for the scale of global finance, with near-instant transaction finality. Ethereum developers can quickly build on Avalanche as Solidity works out-of-the-box.

Statemind, a blockchain security auditing firm, debut with a major splash across the crypto industry by the discovery of a critical vulnerability and prevented an estimated $350M+ in damages, and would have been the third-largest DeFi hack in history according to rekt leaderboard.

The Native Asset Call precompile, a special feature on the C-Chain that is used to interact with Avalanche Native Tokens, could be abused to trick certain contracts that performed blacklist-protected calls to user-supplied contracts to call undesirable targets. Ava Labs will be rewarding Statemind, Abracadabra, and Sushi for their responsible disclosure with a substantial bounty.

This low-level call, if directed to a Native Asset Call, led to a potential problem because the caller assumed that no callee would preserve the calling context, rendering the validation checks on input arguments ineffective.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.