The cybersecurity group 0d from dWallet Labs identified a critical vulnerability in TRON’s multisignature mechanism, affecting assets worth approximately $500 million.
0d, our superstar cybersecurity research team, discovered a vulnerability in TRON multisig accounts putting over $500M of digital assets at risk — it was disclosed and fixed so there are no user assets at risk now.
A technical breakdown: https://t.co/nMj6kV6Oc3
— dWallet Labs (@dWalletLabs) May 30, 2023
“The bug allowed any signer (regardless of weight) of a multisig account to completely bypass TRON’s security settings, regardless of the threshold and the number of signatories,” the researchers said.
On February 19, they contacted the blockchain project’s team via the bounty program interface. The network developers quickly acknowledged the vulnerability and rolled out a fix within a few days.
The 0d researchers received a bounty for reporting a high-severity issue. They did not disclose the amount.
The researchers explained that TRON’s multisig transaction verification mechanism compared signatures against a list to prevent reuse of signatures.
However, an attacker could generate random addresses for signing in addition to the deterministic one. This allowed bypassing the protection and obtaining sufficient weight to authorize the transaction.
The vulnerability also allowed another attack vector that did not require any wallet permissions. The attacker would only need a transaction that someone had partially signed, without reaching the execution threshold. They could replicate the first signature, alter the value of recoveryId and execute a transfer.
All assets in multisignature accounts on the network worth roughly $500 million were at risk, according to dWallet Labs.
The TRON team’s changes to the code, introduced in a matter of days, eliminated the vulnerability. Instead of a signature-list verification, developers implemented message-address matching in the multisig account management mechanism.
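The difference between the two checks, as an added example that is not TRON's code or the researchers': a constructed model in which a keyed hash stands in for ECDSA signing and public-key recovery, with hypothetical signer names, weights and threshold. It relies on the fact that one key can produce many distinct valid signatures for the same message, so rejecting repeated signatures does not stop one signer's weight from being counted more than once.

```python
import hashlib
import hmac

# Constructed toy model: a "signature" is nonce || MAC(key, nonce || msg).
# As with ECDSA, one key yields a different valid signature for every nonce.
KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}  # constructed
WEIGHTS = {"alice": 1, "bob": 1, "carol": 1}                        # constructed
THRESHOLD = 2                                                       # constructed

def sign(signer, msg, nonce):
    return nonce + hmac.new(KEYS[signer], nonce + msg, hashlib.sha256).digest()

def recover(sig, msg):
    """Stand-in for ECDSA public-key recovery: which signer produced sig?"""
    nonce, tag = sig[:8], sig[8:]
    for signer, key in KEYS.items():
        expected = hmac.new(key, nonce + msg, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return signer
    return None

def weight_by_signature_list(sigs, msg):
    """Check as the article describes it before the fix: only a repeated
    signature is rejected, so the same signer can be counted again."""
    seen, total = [], 0
    for sig in sigs:
        if sig in seen:
            raise ValueError("duplicate signature")
        seen.append(sig)
        signer = recover(sig, msg)
        if signer is None:
            raise ValueError("signature not from a permitted key")
        total += WEIGHTS[signer]
    return total

def weight_by_address(sigs, msg):
    """Check after the fix: the recovered address is what must be unique.
    Assumption: a repeated address is rejected rather than skipped."""
    seen, total = set(), 0
    for sig in sigs:
        signer = recover(sig, msg)
        if signer is None:
            raise ValueError("signature not from a permitted key")
        if signer in seen:
            raise ValueError("address already counted")
        seen.add(signer)
        total += WEIGHTS[signer]
    return total
```

With two signatures from the same weight-1 signer, `weight_by_signature_list` returns 2 and meets the threshold, while `weight_by_address` rejects the second signature.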
In April, it became known that the developers of the Ethermint protocol in the Cosmos ecosystem had fixed a critical vulnerability discovered by Jump Crypto. The bug threatened an eight-figure dollar loss.
