A security flaw could have allowed an unlimited number of arbitrary tokens to be created. The BNB team was informed of the problem privately.
Jump Crypto, a Web3 infrastructure company, has found a bug in the BNB Beacon Chain that could let anyone mint any number of tokens at any time. The BNB team was privately informed of the problem, which allowed a patch to be created and distributed rapidly.
In a blog post dated February 10, Jump Crypto published a thorough report on the vulnerability, discovered two days earlier, which it said could have "led to a substantial loss of assets."
According to the post, the BNB Chain is made up of the Ethereum Virtual Machine-compatible Smart Chain, based on a fork of go-ethereum, and the Beacon Chain, built on top of Tendermint and the Cosmos SDK.
The Beacon Chain uses a fork of the Cosmos SDK, hosted on GitHub, that carries various BNB-specific modifications. “It deviates from the Cosmos SDK upstream in several ways, motivating us to take extra care in reviewing the differences,” notes Jump Crypto, which recently began an extensive research project aimed at identifying and fixing vulnerabilities across programs via coordinated disclosure.
A fraudulent transfer made possible by the flaw would allow an attacker to create practically infinite amounts of BNB tokens, which would result in destination accounts receiving far more BNB tokens than the sender originally sent. According to Jump Crypto:
“Bugs that allow infinite minting of native assets are some of the most critical vulnerabilities in Web3. As such, this finding is proof that we all must stay vigilant and collaborate to elevate security assurances across all projects.”
The BNB team resolved the problem by using overflow-resistant arithmetic for the SDK coin type. If a coin computation overflows, the patch causes a Go panic and the transaction fails.
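The effect of the fix described above can be seen in a simplified model, added here as an illustration and not taken from the BNB or Jump Crypto code. The names `sumUnchecked`, `sumChecked` and `validateTransfer` are hypothetical, the amounts are constructed, and plain `int64` stands in for the SDK coin type.

```go
package main

import (
	"fmt"
	"math"
)

// sumUnchecked adds coin amounts with plain int64 arithmetic, which wraps silently.
func sumUnchecked(amounts []int64) int64 {
	var total int64
	for _, a := range amounts {
		total += a
	}
	return total
}

// sumChecked panics instead of wrapping, the behaviour the article attributes to the patch.
func sumChecked(amounts []int64) int64 {
	var total int64
	for _, a := range amounts {
		if a < 0 || total > math.MaxInt64-a {
			panic("negative or overflowing coin amount")
		}
		total += a
	}
	return total
}

// validateTransfer (hypothetical) turns a panic or a mismatch into a failed transaction.
func validateTransfer(inputs, outputs []int64) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("transaction failed: %v", r)
		}
	}()
	if sumChecked(inputs) != sumChecked(outputs) {
		return fmt.Errorf("transaction failed: inputs and outputs differ")
	}
	return nil
}

func main() {
	// Constructed amounts: with wrapping arithmetic the outputs appear to total 2.
	inputs := []int64{2}
	outputs := []int64{math.MaxInt64, math.MaxInt64, 4}
	fmt.Println("unchecked output total:", sumUnchecked(outputs))
	fmt.Println("checked validation:", validateTransfer(inputs, outputs))
	fmt.Println("honest transfer:", validateTransfer([]int64{5}, []int64{2, 3}))
}
```

With unchecked addition the oversized outputs would pass an inputs-equal-outputs comparison, while the checked sum rejects the transaction before any balance is updated.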
BNB Chain is the native blockchain of the cryptocurrency exchange Binance. Changpeng Zhao, the company's CEO, tweeted his appreciation to the Jump Crypto team for finding the bug.
The BNB Chain was temporarily halted in October 2022 following the compromise of almost $80 million worth of bitcoin via a cross-chain hack. According to an official Reddit post, the breach started on the BSC Token Hub and ultimately led to the production of an "additional BNB."