VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Recently, a security firm discovered a stack overflow vulnerability in the Move VM that does not limit the depth of recursive calls, which can cause a total network shutdown, prevent new validator nodes from joining the network, and potentially even cause a hard fork. mainnet_v1.2.1, Aptos mainnet_v1.4.3 and earlier are all affected by this vulnerability. Suimainnet_v1.2.1, Aptosmainnet_v1.4.3, and Move-language versions after June 10, 2023 fix this vulnerability. Attack method (per SlowMist): Overflow Vulnerability. Reported loss: -.
Sourced from
slowmist
Technical record
- chain
- aptos
- protocol
- Move VM
- bug_class
- reentrancy
- date_occurred
- 2023-06-15
- loss_usd
- —
- source_id
- sm:move-vm::2023-06-15
Related — same bug class· reentrancy