Last Updated on May 31, 2023 by Bitfinsider

According to 0d, the cybersecurity research team at dWallet Labs that discovered the hole, the Tron blockchain network had a severe flaw that put $500 million at danger but is now resolved.

The major zero-day vulnerability affected Tron’s multisig accounts and could have given any single signer full access, putting the stored digital assets in jeopardy, 0d claimed on Tuesday. Od notified Tron of the vulnerability on February 19 using the latter’s bug bounty program on HackerOne, and it was addressed “within days.”

The team of the network got a bug report from HackerOne, a Tron representative, adding that the team “swiftly addressed the issue and applied necessary patches to ensure that the vulnerability could not be exploited.”

The representative continued: “We can confidently affirm that the identified problem has been effectively resolved, thereby securing the system,”

Omer Sadika, cofounder of Odsy Network, which oversees 0d and dWallet Labs, claimed that the “assumption behind the verification process” was the vulnerability’s primary cause.

“The Tron verification process checked whether a specific signature was already tallied before it was tallied towards the threshold,” stated Sadika. Therefore, it is presumed that one person cannot produce two distinct valid signatures for the same message.

Although the vulnerability was crucial, Od believed that its fix was simple. It advised comparing the signed address against the list of addresses rather than the signature against the list of signatures. The size of the bounty Tron awarded Od remains unclear.

According to DefiLlama, in terms of total value locked and stablecoin circulation, Tron is the second-largest blockchain network behind Ethereum. The Tron TVL is presently worth about $6 billion, while the total value of its stablecoin circulation is approximately $45 billion.