A flaw in the bridge could have allowed an attacker to produce fake token transfers, but it was discovered and patched before anyone could take advantage of it.
A security flaw in the Wormhole bridge on Aptos network could have resulted in $5 million worth of losses had it not been discovered, according to a social media post from blockchain security platform CertiK. The platform claimed to have discovered the bug and reported it to the Wormhole team before it could be expl. The flaw has been patched, and the bridge is no longer vulnerable.
Aptos is a blockchain network that uses the MOVE programming language, which was originally developed by Facebook for the Libra project. Supporters of MOVE claim that it is a safer language to write smart contracts when compared to Ethereum’s Solidity or other alternatives.
The CertiK report was posted in the form of a video. It claimed the flaw “arose from an incorrect implementation of the ‘public(friend)’ and ‘entry’ modifiers in the MOVE programming language.” The ‘public(friend)’ modifier allows a function to be called by other functions within the same module or by external accounts specified on a “friends list,” but not by other callers. On the other hand, the ‘entry’ modifier specifies that a function can be called by any external account.