– Jump Crypto’s disclosure of a vulnerability in Celer’s State Guardian Network (SGN), the proof-of-stake blockchain connecting decentralized networks.
– Celer’s plans to integrate the State Guardian Network (SGN) codebase into a bug bounty program, recognizing the need to reward such discoveries.
Celer is a blockchain interoperability protocol that enables crypto users to access tokens, NFTs, DeFi, and many blockchain-based apps across multiple chains. In the last few years, it gained a reputation for being a reliable option for crypto users as well as investors. However, its successful ride was hit by a roadblock when Jump Crypto, a research-driven trading firm, disclosed a vulnerability in Celer’s State Guardian Network.
The State Guardian Network (SGN) is Celer’s proof-of-stake blockchain that connects different decentralized networks. It’s an inter-chain messaging router that brings together many entities willing to exchange information in a decentralized manner. More specifically, it works on a consensus mechanism that allows validators to vote multiple times. And that’s where Jump Crypto found the glitch.
What vulnerability did Jump Crypto discover, and what was Celer’s response to that?
TheirJump Crypto’s report disclosed that the network allows validators to compromise the platform’s functionality. According to it, the validator could vote as many times as they wanted, exposing the network to harmful updates. As soon as the news was out, Celer was on all fours to get rid of it. And the good thing is they did it before the vulnerability could cause any major security concerns.
On May 24, Celer released a statement saying that it patched the vulnerability highlighted by Jump Crypto. The company also clarified that no funds were lost since the vulnerability was not publicly accessible. Furthermore, as a goodwill gesture, Celer informed that it has planned to fund a bug bounty grant to Jump Crypto.,
It said that no bug bounty program currently rewards such a discovery. So they are planning to raise a bespoke proposal to honour the Jump Crypto team for their investigative work. More specifically, they said they’ll integrate the SGN codebase into the bug bounty program to meet this purpose.
The incident highlighted one of the many vulnerabilities in the DeFi world. This also happens because of the experimental nature of the projects and protocols. And while Celer’s case was quite harmless, many others weren’t. One recent instance was of Tornado Cash’s governance DAO, compromised by a malicious attack.
