Virtuals Protocol Fixes Smart Contract Bug After Researcher’s Discovery

Highlights:

  • A security researcher flagged a critical smart contract vulnerability in Virtuals Protocol.
  • Security updates and a relaunch of a bug bounty program were prompted after the researcher’s discovery.
  • The company also increased transparency by publishing the fix details on BaseScan and GitHub.

Virtuals Protocol, a blockchain firm focused on artificial intelligence agents, announced a critical vulnerability in its audited smart contract. Jinu, a pseudonymous security researcher, found the flaw and reported it quickly. However, the discovery came without immediate recognition because the company didn’t have an active bug bounty program.

Smart Contract Critical Vulnerability

The flaw was related to the creation of AgentToken within Virtuals Protocol’s ecosystem. Jinu found that the AgentToken.sol contract didn’t validate existing pairs on Uniswap V2. This precarious oversight could enable malicious actors to preemptively create Uniswap pairs, which would impede future token launches.

In addition, the predictable token addresses produced by the Clones library contributed to the problem. Left unaddressed, the vulnerability could disrupt Virtuals Protocol’s operations by temporarily preventing token launches. The severity of the issue raised concerns about the security measures in Virtuals Protocol’s infrastructure.

The Company’s Response and Fix

Jinu initially criticized Virtuals Protocol for its response. Adding to the frustration, the company opted to close its Discord channel for reporting vulnerabilities. Afterward, Jinu complained that the company had taken no immediate action on security.

Source: Jinu

Following the public disclosure of the issue on X, Virtuals Protocol contacted Jinu. The team immediately mitigated the issue by introducing validation steps in the AgentToken.sol contract. The update ensures that existing pairs are checked before creation, preventing conflicts with Uniswap V2’s factory contract.
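The missing check and its fix, as described above, in a minimal Solidity sketch. This is an added example, not Virtuals Protocol's AgentToken.sol: the contract `PairSetupExample`, its two functions and `pairedToken` are hypothetical names, and only the two Uniswap V2 factory calls (`getPair`, `createPair`) are real.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of the Uniswap V2 factory interface used by this example.
interface IUniswapV2Factory {
    function getPair(address tokenA, address tokenB) external view returns (address pair);
    function createPair(address tokenA, address tokenB) external returns (address pair);
}

// Hypothetical launcher used only to illustrate the pattern.
contract PairSetupExample {
    IUniswapV2Factory public immutable factory;
    address public immutable pairedToken; // asset the new token trades against (assumed)

    constructor(IUniswapV2Factory factory_, address pairedToken_) {
        factory = factory_;
        pairedToken = pairedToken_;
    }

    // Before: no lookup. The factory reverts with "UniswapV2: PAIR_EXISTS" when
    // (token, pairedToken) is already registered, so the whole launch reverts.
    // A token address that can be predicted makes that registration possible
    // before the launch transaction lands.
    function setupPairUnchecked(address token) external returns (address pair) {
        pair = factory.createPair(token, pairedToken);
    }

    // After: look the pair up first and only create it when the factory
    // has no entry for it, so an existing pair no longer blocks the launch.
    function setupPairChecked(address token) external returns (address pair) {
        pair = factory.getPair(token, pairedToken);
        if (pair == address(0)) {
            pair = factory.createPair(token, pairedToken);
        }
    }
}
```

A pair returned by `getPair` was not created by the launcher, so a production check would also confirm that it is empty before liquidity is added.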

To remain transparent, the company published details of other fixes on BaseScan and GitHub. Virtuals Protocol also reopened discussion on its bug bounty program to incentivize future security research.

Relaunch of the Bug Bounty Program

After the fix, Virtuals Protocol said it plans to relaunch its bug bounty program, a security initiative designed to enable more researchers to report vulnerabilities before they are exploited. Virtuals Protocol thanked Jinu for bringing attention to the issue, and a reward will be given after the severity of the flaw is evaluated.

Earlier, the company acknowledged communication lapses and apologized to Jinu for the delays. Discussions about the reward for Jinu’s discovery are still ongoing. The company stated that it is assessing the impact of the vulnerability in order to determine an appropriate bounty.

Through these steps, Virtuals Protocol aims to rebuild trust and prevent similar incidents in the future. The relaunch of the bug bounty program is a way for the company to further improve security across its ecosystem.

In November 2024, Uniswap announced a $15.5 million bug bounty reward for the upcoming V4 core contracts. The program’s goal was to identify critical vulnerabilities before deployment. Payouts ranged from $2,000 to $15.5 million, based on severity. Issues considered high risk would earn up to $1 million, while medium-risk issues would bring in $100,000.

Uniswap V4 promised reduced costs and more customizable features. Despite extensive audits and past research, the bounty ensures additional security, highlighting Uniswap’s commitment to DeFi advancements.
