Ethereum scaling and bridge solution Aurora pays out $2 million in bug bounties
Aurora paid out $2 million to a pair of hackers who identified critical vulnerabilities.
The EVM scaling and bridge solution has fixed the issues and no users funds were lost. The two $1 million bounties were rewarded in its native token AURORA and will be paid out linearly over 1 year. The payouts were facilitated via the ImmuneFi bug bounty platform.
The vulnerability report was announced earlier today and was discovered on June 10 by security firm Halborn.
Aurora is an EVM-compatible bridge and Layer 2 scaling solution between the Layer 1 NEAR protocol and Ethereum. The first vulnerability was related to Aurora having a different ERC-20 (fungible token standard), called NEP-141.
The bridge between the two chains is permissionless, meaning anyone can bridge over any token to any address without their permission.
An attacker could have created a worthless NEP-141 token on NEAR, bridged it to Aurora, and then sent it to unsuspecting victims on Aurora. This would allow attackers to “take ETH from Aurora addresses essentially for free,” Aurora wrote in its report. This is because there is an option in the bridge to charge a fee denominated in ETH to the recipient or victim.
The second vulnerability had to do with the burn functionality in Aurora’s bridge. When user’s bridge funds from one chain to another, the tokens are burned on one chain and debited on the other.
An attacker could have created a ‘fake burn event’ on Aurora, without it occurring. This fake event could then be used to withdraw funds from the “locker on Ethereum”, which is the Aurora bridge’s stored amount of ETH used for bridging between the chains.