China News by Thebittimes.Com

Bitcoin developers today disclosed details of another high-severity software bug. According to senior Core developers, over 13% of the home and business computers around the world that enforce Bitcoin’s rules are vulnerable to a remote shutdown. The bug, named CVE-2024-35202, affects Bitcoin nodes running Core software prior to version 25.0. Nodes that have not updated to at least 25.0 allow an attacker to remotely exploit an assertion in the software logic that handles block transaction (‘blocktxn’) messages. Specifically, the vulnerability stems from Core’s compact block protocol, which uses shortened transaction identifiers to reduce internet bandwidth use. An attacker can trigger a collision in these identifiers, causing the node to request a full block. Although requesting a full, unabridged block is a safety precaution, software versions prior to 25.0 have a flaw in their handling logic of subsequent blocktxn messages. In short, the node can be forced into an invalid state th...

The project was previously audited by Trail of Bits and Hats Finance. Decentralized U.S. dollar stablecoin protocol Raft claims that despite multiple security audits, the firm still suffered a security exploit leading to the loss of $6.7 million last week. According to the project's Nov. 13 post-mortem report, a few days prior, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on decentralized finance protocol Aave, transferred the sum to Raft, and minted 6.7 million Raft stablecoin, dubbed "R," using a smart contract glitch. The unauthorized minted funds were then swapped off the platform through liquidity pools on decentralized exchanges Balancer and Uniswap, netting $3.6 million in proceeds. The R stablecoin depegged after the attack.  According to the report: "The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value...