- Security researcher Jinu discovered a critical vulnerability in the Virtuals Protocol related to the creation of a pair of tokens on Uniswap V2.
- Virtuals Protocol quickly patched the issue and announced plans for a bug bounty program to improve security.
Jinu, a security researcher, recently discovered a significant weakness in the Virtuals Protocol smart contract system, specifically the production of token pairs on Uniswap V2. This issue arose from a bug in the Agent Token.sol contract that lacks validation for looking up current pairs on the factory contract Uniswap V2.
Without this vital protection, malicious individuals may have produced token pairs prematurely, thereby compromising the legitimacy of the platform and possibly disrupting subsequent token releases. Virtuals Protocol responded to this information by quickly issuing a patch.
Thanks @lj1nu for bringing this to our attention – patch pushed.
Security is of the utmost importance to us – we are working on a bug bounty program and will announce full details soon.
— Virtual Protocol (@virtuals_io) January 3, 2025
Virtual Protocol: Enhancing Security Through Validation and Collaboration
The team acted strongly by including Agent Token.sol contract validation procedures. By ensuring that current pairs are properly validated before new ones are generated, these improvements essentially solve the problem. Virtual protocol also published detailed details of improvements to sites such as BaseScan and GitHub to support openness.
Virtuals Protocol has also announced intentions to reopen its bug allocation program to encourage further security research. The team wants to involve the wider cybersecurity community in protecting the platform by rewarding vulnerabilities that are found and reported.
The company is now assessing appropriate compensation for the researchers’ work, as Jinu’s essential contribution to the discovery of this problem is acknowledged. This proactive approach not only highlights Virtuals Protocol’s willingness to upgrade its security system, but also sets a standard for openness and teamwork within the blockchain community.
However, this event occurred in the midst of significant activity involving the original crypto platform, VIRTUAL. Previously, in a public action, the suspected official Virtuals Protocol address withdrew 4 million VIRTUAL tokens from its liquidity pool wallet.
Namely, as before recordedon-chain movements were highlighted when one million VIRTUAL coins were moved to the Bybit deposit address shortly after the withdrawal.
Meanwhile, at the time of this writing, the VIRTUAL token has been traded out of hand approx $4.22up 20.13% in the last 7 days and 165.28% during the last 30 days.
