Jump Crypto Has Found A Double-Voting Vulnerability In SGN


Jump Crypto, a Web3 investor and developer, has identified a major vulnerability in Celer's State Guardian Network (SGN) that would allow malicious validators to compromise the network and the applications that depend on it, including Celer's cBridge.

According to the postmortem report published by Jump Crypto, a bug in the SGN EndBlocker code allowed validators to vote more than once on the same update. By voting multiple times, a malicious validator could multiply its voting power and then use it to approve harmful updates.
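The following added example is a simplified model of that class of tally bug and its fix; it is not Celer's SGN code. The function names, the validator set, and the "more than 2/3 of total power" quorum rule are assumptions made for illustration.

```go
package main

import "fmt"

// tallyNaive adds the voter's power for every vote entry it sees, so a
// validator that submits N votes on one update is counted N times.
func tallyNaive(powers map[string]int64, votes []string) int64 {
	var yes int64
	for _, v := range votes {
		yes += powers[v]
	}
	return yes
}

// tallyDeduped counts each validator at most once per update and returns
// the validators that voted more than once, so they can be alerted on.
func tallyDeduped(powers map[string]int64, votes []string) (int64, []string) {
	seen := make(map[string]int)
	var yes int64
	var repeat []string
	for _, v := range votes {
		seen[v]++
		switch seen[v] {
		case 1:
			yes += powers[v] // unknown validators contribute power 0
		case 2:
			repeat = append(repeat, v)
		}
	}
	return yes, repeat
}

// passes applies the assumed quorum rule: strictly more than 2/3 of total power.
func passes(yes, total int64) bool { return yes*3 > total*2 }

// sample returns a constructed validator set (total power 100) and a vote
// list in which val-d, holding 10% of the power, appears seven times.
func sample() (map[string]int64, []string) {
	powers := map[string]int64{"val-a": 30, "val-b": 30, "val-c": 30, "val-d": 10}
	return powers, []string{"val-d", "val-d", "val-d", "val-d", "val-d", "val-d", "val-d"}
}

func main() {
	powers, votes := sample()
	naive := tallyNaive(powers, votes)
	fixed, repeat := tallyDeduped(powers, votes)
	fmt.Println("naive:", naive, "passes:", passes(naive, 100))
	fmt.Println("deduped:", fixed, "passes:", passes(fixed, 100), "repeat voters:", repeat)
}
```

The list of repeat voters returned by the deduplicating tally is also a useful detection signal, since an honest validator has no reason to vote twice on the same update.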

Jump Crypto Has Found Vulnerabilities In Celer

For those unaware, Celer is a Cosmos-based blockchain that uses cross-chain communication. Jump Crypto reviewed the code after Celer released parts of the off-chain SGNv2 code on GitHub. The protocol's team was then notified of the vulnerability, which has been fixed without any malicious exploitation of the network. As the report points out, the vulnerability would give a malicious validator a wide range of options, including the ability to spoof arbitrary on-chain events such as message emissions, bridge transfers, or staking and delegation on the main SGN contract.

Despite the security guardrails put in place by Celer, the protocol isn't fully protected. According to Jump Crypto's report, the transaction limits apply only per token and per chain, and because of the large number of supported chains and tokens, it seems possible that an attacker could exfiltrate tokens worth around $30 million before the contracts were halted.