In a new posting on bounty platform HackerOne, security researcher and white hat hacker Viacheslav Sniezhkov has noted that an apparent – and major – bug present on Augur might lead to a massive loss of funds.
In the post, Sniezhkov reveals that malicious hackers could feasibly deliver fraudulent data into Augur’s user interface. He explains that by deploying malicious websites with hidden iframe code, hackers could modify configuration files stored within a user’s computer and alter Augur’s user interface to depict erroneous or fraudulent data.
As Sniezhkov notes, “A third-party site can include a hidden iframe which can override ‘augur-node’ configuration variable of a running augur application. This variable is persisted in localStorage. In the case of browser page reload (user action or browser/OS crash), the normal ‘augur-node’ websockets endpoint will be replaced with the provided by attacker so that all the markets data, addresses and transactions can be masqueraded.”
The Forecast Foundation – which oversees the development of Augur – has awarded Sniezhkov a $5,000 USD bounty and has since resolved the error. There is, however, no word as to whether the vulnerability has actually resulted in any users losing their funds.
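One way a client can defend against the persisted-endpoint override described in the report, shown as an added example that is not Augur's code or the Forecast Foundation's actual fix. Only the "augur-node" storage key comes from the report; the trusted hosts, default endpoint, function names and the in-memory storage stand-in are assumptions made for illustration.

```javascript
// Added example. Only the "augur-node" key comes from the report; the
// hosts, default endpoint and function names are assumptions.
const STORAGE_KEY = "augur-node";
const DEFAULT_ENDPOINT = "wss://node.example.invalid/"; // placeholder
const TRUSTED_HOSTS = new Set(["node.example.invalid", "localhost", "127.0.0.1"]);

// Return the normalised URL if the endpoint is acceptable, else null.
function vetEndpoint(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try { url = new URL(raw); } catch (e) { return null; }
  const loopback = url.hostname === "localhost" || url.hostname === "127.0.0.1";
  // Plain ws:// is tolerated for a local node only; remote must be wss://.
  if (url.protocol !== "wss:" && !(url.protocol === "ws:" && loopback)) return null;
  if (url.username || url.password) return null; // "trusted@other-host" forms
  return TRUSTED_HOSTS.has(url.hostname) ? url.href : null;
}

// Write path: refuse changes while framed by another site, and never
// persist a value that fails vetting. In a browser, framed would be
// (window.top !== window.self).
function saveEndpoint(storage, candidate, framed) {
  const vetted = framed ? null : vetEndpoint(candidate);
  if (vetted === null) return false;
  storage.setItem(STORAGE_KEY, vetted);
  return true;
}

// Read path (runs on every reload): re-vet the persisted value, because
// it may have been written before the write-path check existed.
function loadEndpoint(storage) {
  const vetted = vetEndpoint(storage.getItem(STORAGE_KEY));
  if (vetted !== null) return vetted;
  storage.removeItem(STORAGE_KEY); // drop the untrusted value
  return DEFAULT_ENDPOINT;
}

// Constructed stand-in for window.localStorage so the example runs in Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}
```

Vetting on the read path as well as the write path matters here because the report's impact depends on a value that was already persisted being trusted again after a reload.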
Augur officially went live in July this year, and has since endured both a fruitful launch and early controversy. The platform enables users to create predictions on the outcome of any event, whereafter users can create betting markets and stake funds on the probabilities involved.
Cryptocurrency communities have been left to debate the role of ethics, morality, and censorship resistance as controversial ‘assassination’ markets have appeared on the platform.
As their name might imply, assassination markets gamble on predictions that certain public figures may be murdered within a set period of time. A common candidate, for example, is US President Donald Trump – with several polls offering predictions as to whether the incumbent US leader might see out his term of office in 2018.
At press time, Augur’s REP tokens are down by 8.61% and presently trade at $23.45 USD.