Sei pays out $2M bug bounty


In April 2024, I found and reported two critical bugs to Sei Network concerning their layer-1 blockchain. One of these issues impacted the chain’s availability, and the other its integrity. The Sei Foundation awarded me $75,000 and $2,000,000 respectively for these reports.

When browsing through the fix commit and subsequent changes made as a result of the previous issue, I noticed some interesting code at the junction of Sei’s Cosmos and Geth modules. The EVM uses 256-bit registers that we can set freely as opcode arguments, but the state transition handling code for CALL and CREATE treats these as unsigned integers, so they are always positive. While the token theft mechanism is perfectly valid according to the chain’s code, certain types of faults like committing invalid blocks will be rejected by honest full nodes.
