Jump found a vulnerability in the State Guardian Network and described it in a release that the security agency titled “Election Fraud? Double Voting in Celer’s State Guardian Network.” The release said that the vulnerability could have compromised the State Guardian Network had a malicious validator exploited it. At risk were the Celer cBridge and the applications built on the network.
Bug reported by Jump Crypto and fixed
The release said that Jump privately reported the bug, which has already been fixed by the Celer team.
1/ We just published another writeup from @_fel1x about a double voting issue in @CelerNetwork that put over $130M locked into the Celer cBridge at risk: https://t.co/Yd8yBWcj57
— Jump Crypto 🔥💃🏻 (@jump_) May 24, 2023
Jump Crypto is a web security platform that works towards the prevention of malicious exploits by finding and reporting bugs such as the one found in the code of Celer’s State Guardian Network (SGNv2).
The report by Jump Crypto highlighted that Celer, a Cosmos-based interoperability blockchain, has its cross-chain bridging built on the State Guardian Network.
Exclusion of validator code from bug bounties
It said that the validators that monitor the network and its bridges often do not run open-source code, so they are mostly excluded from the many bug bounty programs initiated by blockchain networks, even though they are as important to the security of the networks as the on-chain components.
The release said that the discovery of the bug was possible because Celer had made part of the SGNv2 code public.
“Celer recently open-sourced parts of the code for SGNv2, so we decided to take a look at the implementation of its cross-chain event forwarding,” said the Jump Crypto document.
It stated that the risk posed by such bugs would be mitigated if all code were open source, noting that even though Celer offers a $2 million bug bounty, off-chain components such as SGNv2 should not be overlooked.