Beam Wallet Vulnerability Found

The cryptocurrency itself was launched only a week ago
10 January 2019

The developers of Beam, a private cryptocurrency based on the MimbleWimble protocol, have discovered a critical vulnerability in Beam Wallet that affects both the desktop version and the CLI implementation.

The project team urged users NOT to delete the wallet database, because the vulnerability does not affect private keys or passwords.

At the same time, the developers offered users five simple steps.

  1. Stop your currently running Beam Wallets immediately.
  2. Uninstall or delete your Beam Wallet application and executables from all machines. DO NOT DELETE THE DATABASE or any other wallet data.
  3. Make sure the application was deleted. Check the documentation for the location of Wallet app files.
  4. Download Beam Wallet again from the website only. It will have THE SAME version numbers as previously published archives. Make sure the SHA256 of the archive matches the one published on the website.
  5. Install the new application.
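
Step 4 carries the weight of the procedure: the republished archive has the same version number as the withdrawn one, so only the digest tells them apart. The following Python check is an added example, not Beam's own tooling; the file names and archive bytes are constructed, and `published` stands in for the SHA256 value copied from the website.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

_HEX64 = re.compile(r"[0-9a-f]{64}")


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so large archives are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_archive(path, published_hex):
    """Return True only if the archive's SHA-256 equals the published digest."""
    expected = published_hex.strip().lower()
    # Reject truncated or mistyped digests instead of comparing against them.
    if not _HEX64.fullmatch(expected):
        raise ValueError("published value is not a 64-character SHA-256 hex digest")
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo():
    """Constructed data: two archives with the same file name, different bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        old_dir, new_dir = Path(tmp, "old"), Path(tmp, "new")
        old_dir.mkdir()
        new_dir.mkdir()
        old = old_dir / "wallet-archive.zip"  # placeholder name, same in both dirs
        new = new_dir / "wallet-archive.zip"
        old.write_bytes(b"constructed bytes of the withdrawn build")
        new.write_bytes(b"constructed bytes of the republished build")
        # Stand-in for the digest copied from the website.
        published = hashlib.sha256(new.read_bytes()).hexdigest()
        # Upper case and a trailing newline mimic a copy-pasted value.
        return verify_archive(old, published), verify_archive(new, published.upper() + "\n")


if __name__ == "__main__":
    old_ok, new_ok = demo()
    print("withdrawn archive matches:", old_ok)
    print("republished archive matches:", new_ok)
```
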

Beam was launched a week ago, on the 10th anniversary of the Bitcoin genesis block.

Potential Vulnerabilities Found in ETH 2.0

Least Authority has found potential security issues in the network's P2P interaction and block proposal system
26 March 2020

Technology security firm Least Authority, at the request of the Ethereum Foundation, audited the Ethereum 2.0 specifications and identified several potential vulnerabilities.

Least Authority said that developers need to address vulnerabilities in the peer-to-peer (P2P) network layer, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment no large ecosystem in the world is based on PoS and uses sharding, so it is impossible to accurately assess the prospects for system stability.
The information security experts also emphasized that the specifications do not pay enough attention to describing the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a "malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.