Jump Crypto unveils critical vulnerability on Binance’s BNB Chain

Web3 infrastructure company Jump Crypto has discovered a vulnerability in the Binance BNB Beacon Chain that would have allowed an attacker to mint an unlimited number of tokens. The issue was disclosed privately to the BNB team so that a patch could be developed and deployed within 24 hours.

In a blog post from February 10, Jump Crypto announced a detailed report on a vulnerability discovered two days earlier, which could “cause the loss of large funds.”

According to the report, the BNB Chain consists of two blockchains: the EVM-compatible Smart Chain (BSC), which is based on a fork of go-ethereum, and the Beacon Chain, built on Tendermint and the Cosmos SDK.

Rather than the upstream Cosmos SDK, Beacon Chain uses the BNB fork hosted on GitHub, which carries a number of BNB-specific changes. “It deviates from the upstream Cosmos SDK in many ways, motivating us to more carefully review the differences,” said Jump Crypto, which recently launched a broad research effort to find and patch vulnerabilities across projects through coordinated disclosures.

The vulnerability would have allowed an attacker to mint an almost unlimited amount of BNB through malicious transfers in which the destination account received more BNB than the sender provided. Jump Crypto notes:

“Bugs that allow unlimited mining of native assets are some of the most critical vulnerabilities in web3. So, this discovery is proof that we all need to stay vigilant and collaborate to improve security assurance across all projects.”

The BNB team fixed the problem by switching to overflow-resistant arithmetic for the sdk.Coin type. With the patch, an overflow of a Coin amount causes a Go panic, and the transaction fails instead of being applied.
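The contrast between wrapping and overflow-resistant coin arithmetic, as an added Go illustration that is not BNB Chain's or Jump Crypto's code: the `Coin` type, the `addUnchecked`/`addChecked` functions and the toy `Ledger` are assumptions made for this example (the real sdk.Coin is not reproduced), and the balances are constructed so that the receiver already sits near the int64 ceiling. The ledger's total-supply invariant shows why silently wrapping addition can credit a receiver with more than the sender paid, and why failing the transaction is the right response.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"math/big"
)

// Coin is a simplified stand-in for a Cosmos-style sdk.Coin with a fixed-width
// amount. It is an assumption for this illustration, not BNB Chain's own type.
type Coin struct {
	Denom  string
	Amount int64
}

// addUnchecked uses plain int64 arithmetic, which wraps silently on overflow.
// This is the weak behaviour the article describes, kept here for contrast.
func addUnchecked(a, b Coin) (Coin, error) {
	return Coin{Denom: a.Denom, Amount: a.Amount + b.Amount}, nil
}

// addChecked is the overflow-resistant variant: it refuses any sum that does
// not fit in int64, so a transaction that would credit a wrapped value fails.
func addChecked(a, b Coin) (Coin, error) {
	if a.Denom != b.Denom {
		return Coin{}, errors.New("denomination mismatch")
	}
	if b.Amount > 0 && a.Amount > math.MaxInt64-b.Amount {
		return Coin{}, errors.New("coin amount overflow")
	}
	if b.Amount < 0 && a.Amount < math.MinInt64-b.Amount {
		return Coin{}, errors.New("coin amount underflow")
	}
	return Coin{Denom: a.Denom, Amount: a.Amount + b.Amount}, nil
}

// mustAddChecked panics on overflow, mirroring the article's description of the
// patch: a Go panic aborts the transaction rather than committing a bad balance.
func mustAddChecked(a, b Coin) Coin {
	c, err := addChecked(a, b)
	if err != nil {
		panic(err)
	}
	return c
}

// Ledger is a constructed toy account store used to show why the check matters.
type Ledger struct {
	Denom    string
	Balances map[string]int64
}

func newLedger(denom string, balances map[string]int64) *Ledger {
	copied := make(map[string]int64, len(balances))
	for k, v := range balances {
		copied[k] = v
	}
	return &Ledger{Denom: denom, Balances: copied}
}

// Transfer debits the sender and credits the receiver using the supplied
// addition function. On any error nothing changes, like a failed transaction.
func (l *Ledger) Transfer(from, to string, amount int64, add func(a, b Coin) (Coin, error)) error {
	if amount <= 0 || l.Balances[from] < amount {
		return errors.New("invalid amount or insufficient funds")
	}
	credited, err := add(Coin{Denom: l.Denom, Amount: l.Balances[to]}, Coin{Denom: l.Denom, Amount: amount})
	if err != nil {
		return err
	}
	l.Balances[from] -= amount
	l.Balances[to] = credited.Amount
	return nil
}

// TotalSupply sums all balances in arbitrary precision; a sound ledger keeps
// this value constant across transfers, so any change reveals minted coins.
func (l *Ledger) TotalSupply() *big.Int {
	total := new(big.Int)
	for _, v := range l.Balances {
		total.Add(total, big.NewInt(v))
	}
	return total
}

func main() {
	// Constructed balances: the receiver already holds close to MaxInt64.
	start := map[string]int64{"alice": 100, "bob": math.MaxInt64 - 10}
	variants := map[string]func(a, b Coin) (Coin, error){"unchecked": addUnchecked, "checked": addChecked}
	for name, add := range variants {
		l := newLedger("BNB", start)
		before := l.TotalSupply()
		err := l.Transfer("alice", "bob", 100, add)
		fmt.Printf("%-9s err=%v supply before=%s after=%s\n", name, err, before, l.TotalSupply())
	}
}
```

Running the block prints one line per variant: the unchecked transfer succeeds yet changes the total supply (bob's balance wraps to a large negative number), while the checked transfer returns an overflow error and leaves every balance untouched.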

The BNB Chain is the original blockchain behind the Binance crypto exchange. The company’s CEO, Changpeng Zhao, thanked the Jump Crypto team on Twitter for reporting the bug.

In October 2022, the BNB Chain was temporarily suspended after a cross-chain exploit compromised nearly $80 million worth of cryptocurrency. The breach originated in the BSC Token Hub, which ended up creating “extra BNB,” according to an official post on Reddit.