Aurora, an Ethereum Virtual Machine (EVM) compatible scaling and bridge solution built on top of the NEAR Protocol blockchain network, has completed the payment of a $2 million bug bounty to a pair of whitehat hackers that reported vulnerabilities on the platform back in June. According to a blog post written by ImmuneFi, a leading web 3 bug bounty platform that facilitated the transaction, the whitehat hackers will each receive $1 million worth of the platform’s eponymously named native token streamed linearly over one year. The vulnerabilities the hackers discovered related to Aurora’s permissionless bridging functionality between NEAR Protocol and Ethereum. The first vulnerability was that the platform had a different ERC-20 (fungible token standard) called NEP-141. This would potentially allow an attacker to create worthless NEAR tokens, bridge them to Aurora, and then use them to withdraw ETH from the addresses of Aurora users. The second bug had to do with the burn function of the bridge. It would have allowed an attacker to create a “fake burn event” on Aurora which could then be used to withdraw ETH from the protocol’s reserve.
Full story : Ethereum Scaling Solution Aurora Pays $2 Million Bug Bounty to Hackers.