The 0d team is part of dWallet Labs. 0d experts claim that a vulnerability in Tron allowed the owner of a part of the signature to gain unlimited access to a wallet protected by a multi-signature and all assets stored there.
Back in February, the 0d team reported the vulnerability to the Tron developers through the HackerOne project, and the issue was fixed a few days later.
A Tron spokesperson confirmed that the developers received the report from the HackerOne project and “fixed the problem as quickly as possible, applying the necessary patches, so that the vulnerability could not and cannot be exploited.” The amount of remuneration paid to cybersecurity specialists is not reported.
According to Odsy Network co-founder Omer Sadika, the error was fairly trivial and easy to fix:
“When checking a multi-signature on the Tron network, it was checked that this signature had already been calculated, and it was assumed that two different signatures for the same transaction could not be created by the same person. To eliminate the vulnerability, it was necessary to verify not the signature with the list of signatures, but the address of the signer with the list of addresses.”
In 2019, Tron developers fixed a vulnerability that allowed them to bring down the entire network from a single computer.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
