KyberSwap’s $47M Reentrancy Attack: A Deep Dive into the Exploit
Let’s take a closer look inside a $47M reentrancy attack on KyberSwap.
🇺🇦 Hacken stands with Ukraine!Learn more
The Avalanche’s aim of leapfrogging Ethereum might seem impossible. 2022 hit AVAX hard, especially the TVL and dApp use. AVAX’s market cap is approx. $4.1 billion, according to CoinMarketCap. The blockchain hosts 478 projects. Its unique architecture and scalability will hopefully bring the network back in the game alongside Solana, and we’ll see the launch of new next-gen Avalanche projects. However, like any blockchain network, security should be the number one concern. Although Avalanche adheres to strict security policies, anything could go wrong in case of slip-ups or errors in the smart contract code of a particular project.
Avalanche is a smart contract-enabled blockchain platform created for building dApps. Extremely efficient, this potential Ethereum killer has managed to catch the attention of the industry bigwigs. Avalanche promises over 4,500 TPS and a blazingly fast transaction time-to-finality by separating tasks between three blockchains instead of one. With the current throughput of 1.4 TPS, the network has a long way to go, but what about Avalanche cybersecurity?
The Avalanche ecosystem includes nearly 500 projects, some of which have already lost millions due to exploited vulnerabilities. It doesn’t mean that something is inherently wrong with this network itself. Exploits of all shapes and sizes keep plaguing the entire crypto industry, so the media has a lot of material to produce horror stories of significant protocols being hacked.
Besides, Avalanche is a reasonably young network, and some critical vulnerabilities are almost inevitable. Hopefully, their discoveries will be made before any exploits can steal funds. Something similar has already happened with AVAX. An anonymous tipster on Twitter saved Avalanche and some other blockchain networks by alarming the crypto community about an unsafe precompile. The latter made it possible for any user to route arbitrary calls on behalf of the protocol’s contract. An immediate fix followed, potentially saving as much as $350M+ in value.
One more happy ending about Avalanche happened due to Péter Szilágyi, an ETH programmer who identified a bug in the network’s PeerList package and immediately informed Avalanche’s developer team about it. The bug could have crashed the whole network. Instead, it has made Peter a new white-hat hero.
Earlier (back in February 2021), a significant bug related to cross-chain finality was revealed when the DeFi protocol Pangolin was launched. All transactions had to be stopped due to a heavy network load, but developers successfully fixed the issue, avoiding disastrous consequences.
According to our reports, the most common vulnerabilities in smart contracts written on the Avalanche platform are the following:
We find these bugs and provide recommendations on fixing them. Even a bug that doesn’t seem critical might snowball into a horrendous exploit when used by malicious actors. The smart contract audit will reveal what could go wrong, detailing a viable solution.
The good news is that projects in the AVAX ecosystem can prevent most potential exploits. All it takes is getting a project audited by a professional, smart contract auditing company. The Hacken team has the required expertise in auditing Avalanche smart contracts. We offer professional code review and analysis for smart contracts deployed to this blockchain network. What is more, HackenProof runs several Bug Bounty programs specifically for Avalanche:
The journey to Ethereum’s dominance level is difficult, but Avalanche demonstrates reliance on the Web3 community inputs for improving its cybersecurity.