Logic error, create illegal minting of asset
Days in Operation:
100 pts each
Ravencoin's community member CryptoScope team discovered that there are vulnerabilities in the Ravencoin blockchain, which has been cast by unknown people. 1.5% of the total RVN is 21 billion. Tron Black, the developer of Ravencoin, said that these tokens may have been sold to the market after being mined, so the economic losses have been absorbed by the Ravencoin ecosystem. The official reminds all miners, mining pools or exchanges to upgrade the client to the latest version, just use the latest version. The community is also considering various options to reduce the subsequent impact of the incident, such as halving the time in advance to restore the total to the original planned 21 billion.
Per an official blog post, the team stated that the exploit is still being investigated, but that hackers may have minted a whopping 301,804,400.51605642 RVN, 1.5% of its maximum supply of 21 billion. The operators said that a “community code submission” had caused “a bug that has been exploited.” The hackers appear to have worked quickly, and have since traded part of the sum on crypto exchanges.
A vulnerability was discovered in the special class of code that accepts or rejects transactions called consensus code because all nodes should arrive at a consensus (or mutual agreement). A code change that gave one message for asset creation with non-zero RVN, and a different error for asset transfers with non-zero RVN was introduced, and because there wasn’t a case for asset re-issuance it allowed an output with RVN.
Through the exploit, an additional 301,804,400.51605642 were minted beyond the regular RVN coinbase. Since then, the last exploiter burned their 2803988.94326435, and the second exploiter burned exactly 1098000 RVN.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.