Aurora Bug Bounty Program / Reports and Rewards

A summary of Aurora’s bug reports and rewards, from the start of the Bug Bounty Program with Immunefi, April 2022, until now, September 2022.

This list will be periodically updated.

Infinite ETH Inflation Vulnerability In Aurora Engine

Picture created by Immunefi in honor of the hacker.

Hacker: pwning.eth

Hacker’s reward: $6.000.000 USD*

Immunefi fee: $600.000 USD**

Reward paid: May-17-2022

On April 26, 2022, Aurora Labs received a bug report with critical severity affecting the Aurora Engine through its Immunefi’s bug bounty program.

The bug report described an inflation vulnerability that, if exploited, would allow it to mint an infinite supply of ETH in the Aurora Engine. That artificial ETH could then have been used to drain all ETH in the bridge contract on Ethereum (more than 70k ETH at the time of the report, about $204M). Furthermore, the artificial ETH would also allow to drain all tokens from the liquidity pools containing ETH on Aurora and NEAR, also putting these tokens at risk.

Swiftly after the bug has been confirmed a patch was developed and deployed on both mainnet and testnet.

We thank pwning.eth for responsibly disclosing the vulnerability and great cooperation!

To find out more, read our blog post:

Additional sources:

*Hacker’s reward was paid in the form of 1.725.000 AURORA tokens, linearly released over a period of 1 year via service Sablier.

**Immunefi fee was paid in the form of 140.550 AURORA tokens.

ft_on_transfer handler allows theft of funds

Hacker: anonymous

Hacker’s reward: $1.000.000 USD*

Immunefi fee: $100.000 USD**

Reward paid: Jul-18-2022

The flow for bridging NEP-141 tokens from NEAR into Aurora as ERC-20 tokens could have been misused by an attacker to steal ETH from any address on Aurora.

The problematic part of the NEP-141 bridging flow is the option to charge a fee (denominated in ETH) to the recipient. The recipient is never required to approve this fee, and due to the permissionless nature of the bridge, anyone can bridge over any token.

Since the fee was never used legitimately by the bridge front-end, we simply removed the logic which sets a non-zero fee.

We thank anonymous for responsibly disclosing the vulnerability!

To find out more, read our blog post:

Additional sources:

*Hacker’s reward was paid in the form of 600.000 AURORA tokens, linearly released over a period of 1 year via service Sablier.

**Immunefi fee was paid in the form of 129.865 AURORA tokens for both this case and ‘Withdraw funds from EthCustodian without burn on Aurora side’.

Withdraw funds from EthCustodian without burn on Aurora side

Hacker: anonymous

Hacker’s reward: $1.000.000 USD*

Immunefi fee: $100.000 USD**

Reward paid: Jul-19-2022

An attacker could have withdrawn assets from the Rainbow Bridge lockers on Ethereum without burning the corresponding assets on the NEAR/Aurora side of the bridge. This theft of funds could prevent legitimate user withdrawals in the future (if there were not enough funds left in the locker).

As a short-term solution we implemented a check in the engine which forbids output that could be parsed as a bridge withdrawal event (except from the actual withdrawal function of course). This closes the vulnerability, but is a little hacky. The long term solution (which the bridge team is working on) is to have the bridge operate on NEAR proofs of state (i.e. actual token balances) instead of proofs of output from transactions.

We thank anonymous for responsibly disclosing the vulnerability!

To find out more, read our blog post:

Additional sources:

*Hacker’s reward was paid in the form of 580.000 AURORA tokens, linearly released over a period of 1 year via service Sablier.

**Immunefi fee was paid in the form of 129.865 AURORA tokens for both this case and ‘ft_on_transfer handler allows theft of funds’.

Several reports

Hacker: nnez

Hacker’s reward: $50.000 USD*

Immunefi fee: $5.000 USD**

Reward paid: Sep-27-2022

We have received a few reports from one hacker, where two of those were particularly interesting. Interesting, because they were exactly the same critical severity issues that were reported to us previously by 2 different hackers.

First one ‘Stealing ETH from any accounts on Aurora by triggering ft_on_transfer’ was reporting the same issue as ‘ft_on_transfer handler allows theft of funds’.

This was submitted with us just 4 days after the original report.

Second one ‘A receipt to withdraw ETH from EthCustodian contract can be forged using get_code function, allowing attacker to drain all the funds on the contract’ was a duplicate report to ‘Withdraw funds from EthCustodian without burn on Aurora side’. Submitted only 6 days after the original report.

If nnez has reported these issues just two weeks earlier, he might have been eligible for AURORA tokens in the value of $2.000.000 USD.

For all his effort and skill, we have decided to award nnez $50.000 USD and hope he will continue examining our code and inform us on any potential outstanding issues!

*Hacker’s reward was paid in the form of 43.860 AURORA tokens.

**Immunefi fee was paid in the form of 4.545 AURORA tokens.

Other reports

Hacker: various hackers

Reward: $11.000 USD*

We have received various additional reports that were rewarded according to the rules of our Bug Bounty Program, or appropriately to their significance.

*Rewards and fees mainly paid in AURORA tokens, with few exceptions paid in NEAR.

An update to the initial post with a summary of Aurora’s bug reports and rewards.
Date range: September 2022 - September 2023

Infinite ETH/Token Minting Vulnerability

Hacker: Goohong Jung (cybermong)
Hacker’s reward: $800.000 USD*
Immunefi fee: $80.000 USD**
Reward paid: Sept-08-2022

The bug report identifies a vulnerability in the Deposit process that allows an attacker to reuse a “proof” value and mint tokens infinitely. The vulnerability arised from a flaw in verifying the “proof” value using a sha256 hash, enabling an attacker to bypass this check by modifying the log_index value. Subsequently, the attacker could drain all tokens in the EthCustodian contract.
Kudos to Goohong Jung (cybermong) for responsibly disclosing the vulnerability and demonstrating remarkable cooperation

*Hacker’s reward was paid in AURORA tokens, linearly released over a period of 1 year via service Sablier.
**Immunefi fee was paid in AURORA tokens

Aurora Engine Call Stack Overflow

Hacker: @chai
Hacker’s reward: $1000 USD*
Immunefi fee: $100 USD**
Reward paid: Nov-18-2022

The bug report identifies an Integer Overflow vulnerability within the Aurora Engine, specifically in the record_dynamic_cost function within the Sputnik EVM code base. The vulnerability had the potential to cause the Aurora Engine EVM to crash if exploited by an adversary.

We thank @chai for responsibly disclosing the vulnerability and great cooperation!

*Rewards paid in USDT.
**Fee paid in Aurora tokens.

NearBridge does not check for contract code size at `target` of `AdminControlled.adminDelegatecall`

Hacker: @pcaversaccio
Hacker’s reward: $500 USD*
Immunefi fee: $50 USD*
Reward paid: Nov-30-2022

The bug report highlights a vulnerability related to how the EVM treats calls to non-existing contracts (Externally Owned Accounts - EOA) as always successful and how Solidity adds an extra check using the extcodesize opcode for external calls. However, this check is absent in low-level calls, like .call(), .delegatecall(), .staticcall(), .send(), and .transfer().

We thank @pcaversaccio for responsibly disclosing the vulnerability and great cooperation!

*Rewards and fees paid in AURORA tokens.

Multiple Stored XSS and SSRF vulnerabilities

Hacker: United Global Whitehat Security Team
Hacker’s reward: $50000 USD*
Immunefi fee: $5000 USD*
Reward paid: Dec-01-2022

The bug report highlights multiple web2 vulnerabilities within the RAINBOWBRIDGE.APP and AURORA applications, arising from misconfigurations in the NextJS library across various domains. These vulnerabilities can directly impact web3 assets and users, potentially leading to severe exploits, including Crypto Funds Theft, Web3 wallet takeover, Spoofed Transactions, Stored Cross Site Scripting, CSS Keylogging, defacing/serving malicious pages, and advanced phishing campaigns.

Hats off to United Global Whitehat Security Team who spotted these bugs! Thanks a bunch for helping us tighten the security screws

*Rewards and fees paid in AURORA tokens.

Unexpected Revert & Overflow in modexp precompile

Hacker: BlockSec
Hacker’s reward: $10000 USD*
Immunefi fee: $1000 USD*
Reward paid: Jan-30-2023
Two bug reports were submitted:

1. The bug report identifies an overflow defect in the modexp function of the Aurora engine, specifically when the length of the exponent (e_len) is at its maximum value (usize::MAX). The overflow occurs during calculation when e_start exceeds 96, presenting a potential security vulnerability.
2. The bug report raises an issue related to a precompiled contract (0x8) responsible for elliptic curve calculations. The report identifies a discrepancy in the contract’s behavior between versions 2.7.0 and 2.6.1, specifically regarding the handling of the point (0,0) based on a mathematical formula from the Ethereum Yellow Paper.

A huge thank you to @BlockSec for responsibly reporting the vulnerability and for an outstanding cooperation!

*Rewards and fees paid in AURORA tokens.

Phishing risk introduced by broken links

Hacker: @AgentJacker
Hacker’s reward: $1000 USD*
Immunefi fee: $100 USD*
Reward paid: Jan-25-2023

The bug report highlights a broken link on the NEAR Protocol announces the availability of the NEAR token on Ethereum - Aurora Blog page, leading to ruler.fyi. The broken link poses a potential phishing risk, as attackers could exploit it to deceive unaware users. The report emphasizes the significance of addressing this issue, as it impacts a core system. The reporter also mentions the availability of the domain “ruler.fyi” for purchase, presenting a low-cost opportunity for potential phishing exploits.

A special thanks to @AgentJacker for responsibly disclosing the vulnerability and for a superb cooperation.

*Rewards and fees paid in AURORA tokens.

Phishing risk introduced by content injection

Hacker: @adge
Hacker’s reward: $5000 USD*
Immunefi fee: $500 USD*
Reward paid: Mar-27-2023

The reporter has identified a content modification vulnerability in the help scout system associated with https://rainbowbridge.app. The vulnerability allows the insertion of malicious text into the system, which could be used to spoof content via email to users of Aurora, potentially leading to phishing attempts.

Kudos to @adge for responsibly disclosing the vulnerability and demonstrating remarkable cooperation!

*Rewards and fees paid in AURORA tokens.

Several reports on HackenProof

Lack of rate limiting on email changes

Hacker: @cyberarmy101
Hacker’s Reward: $100 USD*
HackenProof fee: $7 USD
Reward paid: May-30-2023

Spam Attack: A malicious actor can send a bulk of emails to the victim’s address through a flaw in the ‘change email’ function on the user dashboard. Potential fraud or some sort of social engineering

Email disclosure vulnerability in Aurora+

Hacker: @Me9187
Hacker’s Reward: $2000 USD*
HackenProof fee: $140
Reward paid: May-04-2023

The bug report indicates a security vulnerability in the authentication and authorization system used by the dApp Aurora.Plus. The application utilizes Supabase for these purposes. The issue pertains to the JWT (JSON Web Token) generated upon successful registration and login, which contains incorrect permissions. Specifically, the JWT allows unauthorized access to the ‘referral_counts_only_staked’ supabase object, which holds email addresses of platform users, posing a significant privacy and security risk.

Multiple subdomain takeover vulnerabilities

Hacker: @holybugx
Hacker’s Reward: $1000 USD* + $1000 USD*
HackenProof fee: $140
Reward paid: Sept-04-2023 and Sept-27-2023

The report highlights a security vulnerability discovered during a reconnaissance of the Aurora.Plus dApp main page, where references to aurora.dev were found in the page footer. Further investigation revealed that rde.aurora.dev was pointing to an unclaimed AWS elastic IP, indicating a vulnerability to subdomain takeovers. Subdomain takeovers are classified as high-risk due to their potential for severe exploitation. The potential impacts of a subdomain takeover include cookie theft, stored XSS, phishing, and hosting malicious content. These consequences could significantly compromise user security and data integrity.

Hats off to the vigilant hackers who spotted these bugs! Thanks a bunch for helping us tighten the security screws

*Rewards and fees paid in AURORA tokens.

An undercharging of EVM gas relative to the amount of computation required for certain inputs to the modexp precompile

Hacker: Guido Vranken
Hacker’s reward: $6200 USD*
Reward paid: Aug-17-2023

The bug would have resulted in Aurora downtime for average users. It only affected Aurora RPC, not the on-chain contract so it would be an infrastructure outage caused by a DOS attack.

The bug itself was an undercharging of EVM gas relative to the amount of computation required for certain inputs to the modexp precompile. This means an attacker could force a node (e.g. by eth_call) to spend many more CPU cycles than expected from the given gas limit. This bug impacted almost all EVM implementations (including geth), and probably has been present since modexp was first introduced. The fix for the bug is to use better algorithms in the modexp implementation.

We thank Guido Vranken for responsibly disclosing the vulnerability and great cooperation!

*Reward paid in AURORA tokens.

Other reports

Hacker: various hackers
Reward: $2.000 USD*

We have received various additional reports that were rewarded according to the rules of our Bug Bounty Program, or appropriately to their significance.

Big shoutout and a massive thank you to the awesome folks who flagged these bugs! Your keen eye helps keep us all safer online

*Rewards paid in AURORA tokens.