Virtuals Protocol Fixes Bug, Offers Bounty to Researchers Who Discover Similar Flaws
In a recent development, blockchain firm Virtuals Protocol, focused on artificial intelligence agents, has issued a timely fix and relaunched its bug bounty program following an unexpected discovery of a bug in one of its audited contracts. The incident highlights the importance of having an active bug bounty program in place to encourage responsible disclosure.
The Discovery
On December 3, 2024, pseudonymous security researcher Jinu made contact with Virtuals Protocol after discovering a vulnerability in one of its audited contracts. However, upon reporting the issue, Jinu learned that the company did not have an active bug bounty program at the time, which meant that the discovery did not qualify for a reward.
White Hat Hacker Reveals Vulnerability
According to Jinu, the Virtuals Protocol team also closed the Discord group created solely to report the vulnerability. In an X thread, Jinu shared:
The vulnerability is simple and can impact the virtuals ecosystem (but virtuals probably doesn’t care about security).
Jinu explained to Cointelegraph that the vulnerability was related to a lack of validation when creating AgentTokens based on the internal bond threshold. "If exploited, this vulnerability would have prevented AgentTokens from being generated until the contract was fixed," Jinu said.
Relating to Larger Context
The discovery by Jinu is particularly significant in light of the growing importance of blockchain security and the need for companies to prioritize responsible disclosure. With the rise of decentralized finance (DeFi) and other blockchain-based applications, the potential consequences of a vulnerability can be severe.
According to a report by Chainalysis, the total value locked (TVL) in DeFi protocols has continued to grow, with the sector reaching new heights in 2024. However, this growth also brings increased risks, as the complexity of these systems makes them more vulnerable to attacks.
Virtuals Protocol’s Response
After the information was made public on X, Virtuals Protocol contacted Jinu and issued an immediate fix. In a message to the researcher, the company thanked Jinu for reporting the issue and apologized for earlier miscommunication:
Hey jinu we have verified the vulnerability and applied a patch below. Thank you for bringing this up to us and we apologise for the miscommunication between support and yourself. Let us internally review the severity of the issue and we will issue you a bug bounty shortly.
When asked about the bounty expectations, Jinu said they are unaware of the general rewards for bug discoveries.
Background on Virtuals Protocol
Virtuals Protocol has been working on developing artificial intelligence agents that can interact with blockchain-based systems. The company’s token has gained attention from investors, and its ecosystem is expected to expand in the coming months.
Jinu told Cointelegraph that they got interested in Virtuals Protocol after a friend invested in a token created on Virtuals. "I spent about 30 minutes looking at the code to see if it was well done," Jinu said, before they came across the bug.
Conclusion
The recent incident involving Jinu and Virtuals Protocol highlights the importance of having an active bug bounty program in place. While the company has issued a timely fix, the delay in announcing a reward for the discovery raises questions about its commitment to responsible disclosure.
As blockchain-based applications continue to grow in complexity and usage, it is essential that companies prioritize security and transparency. By doing so, they can not only prevent potential vulnerabilities but also foster trust with their users and investors.
Timeline of Events
- December 3, 2024: Jinu contacts Virtuals Protocol after discovering a vulnerability in one of its audited contracts.
- After reporting the issue, Jinu learns that the company does not have an active bug bounty program at the time.
- The Virtuals Protocol team closes the Discord group created solely to report the vulnerability.
- Jinu shares information about the vulnerability on X.
- Virtuals Protocol contacts Jinu and issues an immediate fix.
Future Developments
Cointelegraph has reached out to Virtuals Protocol for comment, but at the time of writing, no response had been received. The company’s commitment to responsible disclosure will be closely watched by the blockchain community in the coming months.
The incident involving Jinu and Virtuals Protocol serves as a reminder of the importance of bug bounty programs and transparency in the development of blockchain-based applications.
Recommendations
Companies working on blockchain-based projects should prioritize responsible disclosure and have an active bug bounty program in place. This will not only help prevent potential vulnerabilities but also foster trust with their users and investors.
By prioritizing security and transparency, companies can ensure that their applications are secure and reliable, ultimately contributing to the growth and adoption of blockchain technology.