{"id":550739,"date":"2023-02-11T19:57:51","date_gmt":"2023-02-11T16:57:51","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/jump-crypto-unveils-critical-vulnerability-on-binances-bnb-chain\/"},"modified":"2023-02-11T19:57:51","modified_gmt":"2023-02-11T16:57:51","slug":"jump-crypto-unveils-critical-vulnerability-on-binances-bnb-chain","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/jump-crypto-unveils-critical-vulnerability-on-binances-bnb-chain\/","title":{"rendered":"# Jump Crypto unveils critical vulnerability on Binance\u2019s BNB Chain"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Jump_Crypto_unveils_critical_vulnerability_on_Binances_BNB_Chain_%E2%80%9C\"><\/span>&#8221; Jump Crypto unveils critical vulnerability on Binance\u2019s BNB Chain &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDIvNzhkNzBjZWMtZTZmYy00NWVlLWE2OTItZjY1MmI3NDI0YmQ3LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-4bbf85c5>Web3 infrastructure firm Jump Crypto has discovered a vulnerability in the Binance BNB Beacon Chain, which would allow the minting of an unlimited amount of arbitrary tokens. The issue was privately disclosed to the BNB team, enabling a patch to be developed and deployed within 24 hours.<\/p>\n<p>In a blog post from Feb. 10, Jump Crypto <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/jumpcrypto.com\/helping-secure-bnb-chain-through-responsible-disclosure\/\">disclosed<\/a> a detailed report about the vulnerability found two days earlier, which could &#8220;have led to a large loss of funds.&#8221;<\/p>\n<p>As per the report, the BNB Chain is composed of two blockchains: the EVM-compatible Smart Chain (BSC), which is based on a fork of go-ethereum, and the Beacon Chain, built on top of Tendermint and Cosmos SDK.<\/p>\n<p>However, the Beacon Chain uses a BNB fork hosted on GitHub with several BNB-specific changes.
&#8220;It deviates from the Cosmos SDK upstream in several ways, motivating us to take extra care in reviewing the differences,&#8221; notes Jump Crypto, which recently started a broad research effort dedicated to discovering and patching vulnerabilities across projects via coordinated disclosure.<\/p>\n<p>The vulnerability would allow an attacker to mint an almost unlimited amount of BNB tokens via a malicious transfer, meaning that destination accounts would receive a much larger number of BNB tokens than the sender initially provided. Jump Crypto noted:<\/p>\n<blockquote><p>&#8220;Bugs that allow infinite minting of native assets are some of the most critical vulnerabilities in web3. As such, this finding is proof that we all must stay vigilant and collaborate to elevate security assurances across all projects.&#8221;<\/p><\/blockquote>\n<p>The BNB team fixed the issue by switching to overflow-resistant arithmetic methods for the sdk.Coin type. With the patch, a Coin calculation that overflows results in a Go panic and a transaction failure.<\/p>\n<p>The BNB Chain is the native blockchain behind crypto exchange Binance. The company&#8217;s CEO, Changpeng Zhao, thanked Jump Crypto&#8217;s team on Twitter for reporting the bug:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Many thanks to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/jump_?ref_src=twsrc%5Etfw\">@jump_<\/a> for reporting this bug. They got a great security team. Really appreciate it.
<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/bqidp5X3Y2\">https:\/\/t.co\/bqidp5X3Y2<\/a><\/p>\n<p>\u2014 CZ  Binance (@cz_binance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/cz_binance\/status\/1623927172045107200?ref_src=twsrc%5Etfw\">February 10, 2023<\/a><\/p><\/blockquote>\n<p>In October 2022, the BNB Chain was briefly suspended after a cross-chain exploit compromised nearly $80 million worth of cryptocurrency. The breach originated on the BSC Token Hub and eventually resulted in the creation of \u201cextra BNB,\u201d an official post on Reddit <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reddit.com\/r\/bnbchainofficial\/comments\/xxjkpy\/temporary_pause_of_bsc\/\">shows<\/a>.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/jump-crypto-unveils-critical-vulnerability-on-binance-s-bnb-chain\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Jump Crypto unveils critical vulnerability on Binance\u2019s BNB Chain &#8220; Web3 infrastructure firm Jump Crypto has discovered a vulnerability in the Binance BNB Beacon Chain, which would allow the minting of an unlimited amount of arbitrary tokens.
The issue was privately disclosed to the BNB team, enabling a patch to be developed and deployed&#8230;<\/p>\n","protected":false},"author":1,"featured_media":550740,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/78d70cec-e6fc-45ee-a692-f652b7424bd7.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[75014,74894,112348,74882,117,70375,72287],"class_list":["post-550739","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-binance","tag-blockchain","tag-chain","tag-hacks","tag-business","tag-cybersecurity","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/550739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=550739"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/550739\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/550740"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=550739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=550739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=550739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}