Decentralized oracle network Chainlink (LINK) paid a $300,000 bounty to white hat hackers Zach Obront and Or Cyngiser (Trust), who discovered a critical bug that could have disrupted the Verifiable Random Function (VRF).
The bug
VRF is a Random Number Generator (RNG) that allows smart contracts to access random values without compromising security.
The product is used by several crypto projects, including Axie Infinity, PancakeSwap, and Aavegotchi, to protect their smart contracts with tamper-proof randomness that cannot be manipulated and to ensure verifiable results using cryptographic proofs.
Last year, Trust and Obront filed a report on how a malicious VRF subscription owner could have prevented users from getting this neutral randomness roll by blocking and rerolling randomness until they received the desired value.
According to the Chainlink team, this bug was categorized as a smart contract vulnerability with critical impact. The team added:
“While it could compromise Chainlink VRF’s intended use of providing transparently verifiable tamper-resistant on-chain randomness, the exploitable scenario required a number of specific conditions to be met and would be detectable on-chain. Most notably, the subscription owner – a role typically managed by the team behind the dApp using VRF – must be malicious or compromised.”
Following the incident, Chainlink implemented a security feature to prevent malicious VRF owners from exploiting the issue.
Chainlink enjoys institutional interest
Chainlink’s Cross-Chain Interoperability Protocol (CCIP) technology has seen an increase in adoption by large traditional institutions.
Global financial messaging network Swift used the technology in August in a tokenization experiment that involved transferring tokens across multiple blockchains. A South Korean gaming giant also used it in October to power an interoperable Web3 gaming ecosystem.
Also, Hong Kong authorities have used it for value exchange in their Central Bank Digital Currency (CBDC) trials.
As a result, Chainlink’s native LINK token and Grayscale’s Chainlink Trust (GLNK), an institutional investment vehicle, have seen their values soar to new highs.