ID: avalanche-1159
100 pts
Platform: Avalanche
Type: Assets
Category: Token
Method: Rewards - Bug Bounties
Data Sources:
Extended Method: Bypassing validation checks relating to Native Asset Call unique to Avalanche C-Chain
Days in Operation: 819 (2.24 Years)





Avalanche is an open-source platform for launching decentralized applications and enterprise blockchain deployments in one interoperable, highly scalable ecosystem. Avalanche is the first decentralized smart contracts platform built for the scale of global finance, with near-instant transaction finality. Ethereum developers can quickly build on Avalanche as Solidity works out-of-the-box.
Statemind, a blockchain security auditing firm, debuted with a major splash across the crypto industry by discovering a critical vulnerability and preventing an estimated $350M+ in damages. An exploit would have been the third-largest DeFi hack in history according to the rekt leaderboard.
The Native Asset Call precompile, a special feature on the C-Chain that is used to interact with Avalanche Native Tokens, could be abused to trick certain contracts, namely those that performed blacklist-protected calls to user-supplied contracts, into calling undesirable targets. Ava Labs will be rewarding Statemind, Abracadabra, and Sushi for their responsible disclosure with a substantial bounty.
Such a low-level call, if directed to the Native Asset Call precompile, led to a potential problem: the caller assumed that no callee would preserve the calling context, and because that assumption did not hold for this precompile, the validation checks on input arguments were rendered ineffective.