A vulnerability report was released to the public earlier today highlighting an attack that could have taken down the entire Avalanche Network, one of the largest Layer 1 blockchains.
The vulnerability was first discovered by Ethereum team lead Peter Szilagyi on March 29. At the time of discovery, Avalanche had more than $9 billion in total value locked (TVL) and a market capitalization of roughly $24 billion, according to DeFi Llama and Coingecko, respectively. This issue has since been patched.
Ava Labs declined to comment for this story.
The report released by Szilagyi laid out a timeline of events that occurred leading up to the public release, as well as details regarding the vulnerability.
When Szilagyi discovered the vulnerability on March 29, he suggested to Avalanche they push through a patch to fix it. The team responded quickly, patching the vulnerability that same day.
The vulnerability was a “remote node crash via malicious PeerList package,” Szilagyi said.
In other words, a malicious attacker could have funded an Avalanche node for roughly $179,000, sent out malicious PeerList packages (used for network communication) to other nodes, and effectively taken down the network.
The attacker could also have opted to run a non-validator node (connected to only validators vs. all nodes in the network) that would effectively give the same result but would take much longer to play out.
Szilagyi provided more details, writing, “Avalanche is very relaxed on the network connections it makes, and even a single connection is enough to take down a node.” “Since all nodes in the network connect to all validators, it's pretty much an insta-death for the entire network,” he added
Szilagyi wrote in the case of an attacker funding a new validator to run this attack, they would opt to put in a short on the AVAX token even with the up-front cost of $179,000.
This is because “the network would rebound anyway after a few hours so no long-term value lost in the malicious validator,” Szilagy said in his report.
Vulnerability report highlighted attack that could have taken down the Avalanche Network
THE BLOCKPublished on 2022-09-09Last updated on 2022-09-09
Abstract
A vulnerability report was released to the public earlier today highlighting an attack that could have taken down the entire Avalanche Network, one of the largest Layer 1 blockchains.
Trending Cryptos
Related Reads
Trading
Hot Articles
How to Buy AVAX
Welcome to HTX.com! We've made purchasing Avalanche (AVAX) simple and convenient. Follow our step-by-step guide to embark on your crypto journey.Step 1: Create Your HTX AccountUse your email or phone number to sign up for a free account on HTX. Experience a hassle-free registration journey and unlock all features.Get My AccountStep 2: Go to Buy Crypto and Choose Your Payment MethodCredit/Debit Card: Use your Visa or Mastercard to buy Avalanche (AVAX) instantly.Balance: Use funds from your HTX account balance to trade seamlessly.Third Parties: We've added popular payment methods such as Google Pay and Apple Pay to enhance convenience.P2P: Trade directly with other users on HTX.Over-the-Counter (OTC): We offer tailor-made services and competitive exchange rates for traders.Step 3: Store Your Avalanche (AVAX)After purchasing your Avalanche (AVAX), store it in your HTX account. Alternatively, you can send it elsewhere via blockchain transfer or use it to trade other cryptocurrencies.Step 4: Trade Avalanche (AVAX)Easily trade Avalanche (AVAX) on HTX's spot market. Simply access your account, select your trading pair, execute your trades, and monitor in real-time. We offer a user-friendly experience for both beginners and seasoned traders.
8.2k Total ViewsPublished 2024.03.29Updated 2026.06.02
Discussions
