- The researchers at dWallet Labs reported that Tron verifies signatures instead of signers.
- They revealed that the vulnerability could have affected the $500 million assets stored in Tron multisig accounts
- 0d had once made a report about the vulnerability to Tron in February, and Tron had it fixed after a few days.
In an age where scammers and cybercriminals are roaming around in the Web3 space and looking for an easy score, researchers, investigators, and security firms have made it their job to discover vulnerabilities (ranging from critical to minimal harm) within the Web3 ecosystem.
On May 30, the research team at dWallet Labs—a blockchain cybersecurity company—announced that it had discovered a vulnerability in Tron Multisig, which could put the digital assets worth $500 million and stored on accounts on Tron at risk.
According to 0d—the research team—there was a discovery of a critical zero-day vulnerability on the Tron network. This vulnerability could enable any signer with a Multisig account to overcome the multi-sig security provided by Tron, irrespective of the number of signers stated in the account.
“Verifiers cannot distinguish between randomly chosen nonces and deterministic ones,” 0d said.
How Does This Work?
Multisignature wallets allow for joint custody of accounts, providing users with different keys, which would all be required whenever they needed access to approve transactions.
According to dWallet Labs, Tron checks for the uniqueness of signatures and does not verify the signer of the accounts. Therefore, each signature created through a nonce would be regarded as a credible vote and permit anyone possessing the signatures a double vote.
This could have been a chance for anyone wandering upon Tron’s vulnerability to jeopardize the security of the $500 million of assets stored on the platform since the verifier could not identify whether the deterministic process created the random signature or was utterly unexpected.
“We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice,” 0d said.
Doing so would have granted the research team permission to create various valid signatures for the same message by the same private key.
Thus, anyone with malicious intentions could conduct several transactions in all multi-sig wallets, which they are privy to, despite the thresholds in place.
0d stated that it had reported this vulnerability issue to Tron in February through the bounty program, and the company had responded swiftly, providing a fix a few days later. As a result of this report, 0d was given a bounty reward for discovering a high-severity vulnerability through Tron’s bounty program.
Tron’s solution in fixing the vulnerability was commended as simple and efficient. Rather than compare the signatures against the list of signatures, the verifiers now compare the signed address against the list of addresses.
Conclusion
Tron Multisig was saved from what would have been a catastrophic incident should any attacker have discovered 0d; the dWallet Labs’ research team reported the high-severity vulnerability within the network. Tron Multisig has since fixed the vulnerability and launched an updated version.
