Researchers have revealed information about a recently fixed major vulnerability in the Aptos blockchain ecosystem’s Move virtual machine. The flaw “may lead Aptos nodes to fail and create denial of service (DoS),” according to a technical report issued earlier this month by Numen Cyber Labs of Singapore.
Aptos is a newcomer to the blockchain industry; its mainnet was deployed on October 17, 2022. It originated from the Diem stablecoin payment platform offered by Meta (formerly Facebook), which also developed the Novi digital wallet.
The network is built using Move, a Rust-based technology intended to develop and run smart contracts in a safe runtime environment, also referred to as the Move Virtual Machine (aka MoveVM).
Numen Cyber Labs discovered the flaw in the Move validation code (“stack_usage_verifier.rs”), which checks bytecode instructions before they are executed in MoveVM. Specifically, it is an integer overflow flaw in the stack-based Web3 programming language, which might lead to unpredictable behavior and hence crashes.
“Because this vulnerability exists in the Move execution component,” the cybersecurity company stated, “if the bytecode program is processed on a chain node, it will result in a [Denial-of-Service] attack.”
“In extreme circumstances, the Aptos network may be entirely shut down, which will inflict significant harm and have a major effect on the node’s resilience.”
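The class of bug described above, an integer overflow inside a check that bytecode must pass before it runs, can be shown with a simplified model of stack accounting. This is an added example, not code from Move, Aptos or Numen's report; the `Instr` type, the function names and the 8-bit counter are assumptions made for illustration.

```rust
// Simplified model of a bytecode stack-usage check (constructed for
// illustration; not the Move verifier's code). The u8 counter width is an
// assumption chosen so a small sample block can reach the overflow.
#[derive(Clone, Copy)]
struct Instr { pops: u8, pushes: u8 }

#[derive(Debug, PartialEq)]
enum VerifyError {
    Underflow(usize), // instruction pops more than the block has pushed
    Overflow(usize),  // height counter would exceed its integer range
    Unbalanced(u8),   // block ends with leftover values on the stack
}

// Unchecked accounting: wrapping_add models a counter that silently wraps.
// (A plain `+` panics instead when overflow checks are enabled, which
// aborts the verifier rather than returning an error.)
fn verify_unchecked(block: &[Instr]) -> Result<(), VerifyError> {
    let mut height: u8 = 0;
    for (i, ins) in block.iter().enumerate() {
        if height < ins.pops { return Err(VerifyError::Underflow(i)); }
        height = (height - ins.pops).wrapping_add(ins.pushes);
    }
    if height == 0 { Ok(()) } else { Err(VerifyError::Unbalanced(height)) }
}

// Hardened accounting: every step uses checked arithmetic, so an input that
// would overflow the counter is rejected with an ordinary verification error.
fn verify_checked(block: &[Instr]) -> Result<(), VerifyError> {
    let mut height: u8 = 0;
    for (i, ins) in block.iter().enumerate() {
        height = height.checked_sub(ins.pops).ok_or(VerifyError::Underflow(i))?;
        height = height.checked_add(ins.pushes).ok_or(VerifyError::Overflow(i))?;
    }
    if height == 0 { Ok(()) } else { Err(VerifyError::Unbalanced(height)) }
}

// Constructed sample: 256 single-value pushes and no pops.
fn oversized_block() -> Vec<Instr> { vec![Instr { pops: 0, pushes: 1 }; 256] }

fn main() {
    let block = oversized_block();
    println!("unchecked: {:?}", verify_unchecked(&block)); // wrongly accepted
    println!("checked:   {:?}", verify_checked(&block));   // rejected
}
```

The unchecked variant accepts the oversized block because the counter wraps back to zero, while the checked variant rejects it at the instruction where the overflow would occur.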