More about this
The team noted that the discovered vulnerability allows anyone who holds a signature in a multisig account, regardless of weight, to completely bypass the security settings of the crypto network. The threshold and the number of parties providing signatures do not matter.
In February, they contacted the developers of the project through the interface of a special program. The developers acknowledged the vulnerability and fixed it in just a few days.
The researchers were rewarded for the high-risk flaws they detected. However, the representatives of the project did not disclose the amount of the reward.
The researchers explained that the crypto network's mechanism for reconciling multisig operations checks signatures against a list in order to prevent double use.
However, the hacker was able to create random addresses for the cryptographic signature, other than the deterministic one. As a result, he bypassed the protection and obtained the weight needed to confirm the transaction.
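The double-use check described above, shown as an added example that is not code from the project or the researchers: a weight tally keyed on signatures beside one keyed on signers. It assumes a scheme in which one key can produce many valid signatures for the same message (a toy Schnorr scheme over a deliberately tiny constructed group); all names, keys, weights and the threshold are constructed.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# G generates a subgroup of prime order Q modulo P.
P, Q, G = 2039, 1019, 4

def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(str(r).encode() + b"|" + msg).digest(), "big") % Q

def sign(priv, msg):
    k = secrets.randbelow(Q - 1) + 1      # fresh random nonce on every call
    r = pow(G, k, P)
    return r, (k + priv * _challenge(r, msg)) % Q

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(pub, _challenge(r, msg), P)) % P

def find_signer(weights, msg, sig):
    """Return the account key that this signature verifies under, or None."""
    return next((pub for pub in weights if verify(pub, msg, sig)), None)

def weight_by_signature(weights, msg, sigs):
    """Flawed tally: the double-use list holds signatures, not signers."""
    seen, total = set(), 0
    for sig in sigs:
        signer = find_signer(weights, msg, sig)
        if signer is not None and sig not in seen:
            seen.add(sig)
            total += weights[signer]
    return total

def weight_by_signer(weights, msg, sigs):
    """Hardened tally: every account key is credited at most once."""
    signers = {find_signer(weights, msg, sig) for sig in sigs} - {None}
    return sum(weights[pub] for pub in signers)

THRESHOLD = 2                              # constructed policy: 2 of 3, weight 1 each
PRIVS = [101, 202, 303]                    # constructed private keys
WEIGHTS = {pow(G, x, P): 1 for x in PRIVS}

def demo(msg=b"transfer #1"):
    sigs = set()
    while len(sigs) < 3:                   # one key holder, three distinct signatures
        sigs.add(sign(PRIVS[0], msg))
    sigs = list(sigs)
    return weight_by_signature(WEIGHTS, msg, sigs), weight_by_signer(WEIGHTS, msg, sigs)

if __name__ == "__main__":
    print(demo(), "threshold:", THRESHOLD)
```

The signature-keyed tally credits the same key holder three times and clears the threshold, while the signer-keyed tally stays at that holder's own weight.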