Blockchain Researcher Finds Security Vulnerability in Altcoin Platform! Here's the Team's Response - Koin Bulletin

Blockchain security researcher 'Jinu' announced that he has identified a serious security vulnerability in the Virtuals Protocol with a post shared on social media.

According to Jinu's statements, this vulnerability can prevent the protocol from launching new tokens on Uniswap and poses a potential threat to the ecosystem.

Jinu stated that the vulnerability is based on a simple mechanism. According to this, an attacker can create a pair named AgentToken(predict)<>VIRTUAL (0x0b3e328455c4059eeb9e3f84b5543f74e24e7e1b) on Uniswap v2, making it impossible for the Virtuals Protocol to launch new tokens on Uniswap.

Jinu summarized the operation of the security vulnerability as follows:

  1. Nonce Estimation: The attacker can predict the next AgentToken to be created by using the nonce in the AgentFactoryV3 contract.

  2. Verification Missing: When a new AgentToken is created, there is no check for whether the pair already exists on Uniswap v2.

  3. Conflict Issue: If the pair has already been created, Uniswap v2's factory contract rejects the request and the transaction is cancelled. In addition, the attacker can create a pair even with a contract that does not exist.

Taken together, these three steps mean that the attacker can completely prevent the Virtuals Protocol from creating a new AgentToken and providing liquidity on Uniswap.
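A small Python model of steps 2 and 3, added here as an illustration and not code from the Virtuals Protocol, Uniswap or Jinu: it shows a launch that calls pair creation blindly being cancelled once the pair is already registered, next to a launch that looks the pair up first. The addresses are constructed placeholders, `FactoryModel`, `launch_unchecked` and `launch_checked` are hypothetical names, and the lookup-before-create check is one possible mitigation, not the patch the team released.

```python
import hashlib

ZERO = "0x" + "00" * 20
VIRTUAL = "0x" + "aa" * 20           # constructed placeholder address
NEXT_AGENT_TOKEN = "0x" + "bb" * 20  # constructed: predicted address, no code deployed yet

class Revert(Exception):
    """Stands in for an EVM revert, which cancels the whole transaction."""

def _key(a, b):
    # Uniswap v2 stores a pair under its two token addresses sorted by value.
    return tuple(sorted((a.lower(), b.lower()), key=lambda x: int(x, 16)))

class FactoryModel:  # pair bookkeeping of a Uniswap v2 style factory (a model)
    def __init__(self):
        self.pairs = {}  # (token0, token1) -> pair address

    def get_pair(self, a, b):
        return self.pairs.get(_key(a, b), ZERO)

    def create_pair(self, a, b):
        key = _key(a, b)
        if key[0] == key[1]:
            raise Revert("UniswapV2: IDENTICAL_ADDRESSES")
        if key[0] == ZERO:
            raise Revert("UniswapV2: ZERO_ADDRESS")
        if key in self.pairs:
            raise Revert("UniswapV2: PAIR_EXISTS")
        # Nothing here checks that either address holds contract code (step 3).
        digest = hashlib.sha256("".join(key).encode()).hexdigest()
        self.pairs[key] = "0x" + digest[:40]  # stand-in for the real CREATE2 address
        return self.pairs[key]

def launch_unchecked(factory, agent_token, virtual=VIRTUAL):
    # Step 2 as described: create the pair without looking it up first.
    return factory.create_pair(agent_token, virtual)

def launch_checked(factory, agent_token, virtual=VIRTUAL):
    # Look the pair up first and only create it when none is registered.
    pair = factory.get_pair(agent_token, virtual)
    return pair if pair != ZERO else factory.create_pair(agent_token, virtual)

def demo():
    factory = FactoryModel()
    squatted = factory.create_pair(NEXT_AGENT_TOKEN, VIRTUAL)  # pair registered early
    try:
        unchecked = launch_unchecked(factory, NEXT_AGENT_TOKEN)
    except Revert as exc:
        unchecked = f"reverted: {exc}"
    return unchecked, launch_checked(factory, NEXT_AGENT_TOKEN) == squatted
```

`demo()` returns the revert reason for the unchecked launch and `True` for the checked launch, which continues with the pair that is already registered.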

Fast response from the Virtuals Protocol

Shortly after Jinu's posts, the Virtuals Protocol team made a statement on social media, using the following expressions:

Thank you @lj1nu for reporting this to us. We have released a patch to fix this security vulnerability. Security is our top priority. We will soon launch a bug bounty program and share the details.
