Blockchain News

Major Security Flaw Uncovered: Jump Crypto Reveals Critical Vulnerability in Celer's State Guardian Network

The flaw could have enabled a malicious validator to compromise the entire network and associated applications, including the widely-used Celer cBridge with a TVL surpassing $130 million. 

Malicious Celer Validators on the Brink

In a recent development, Jump Crypto, a leading blockchain security firm, has unearthed a critical vulnerability within Celer's State Guardian Network (SGN), a blockchain designed to enable cross-chain communication. This security flaw posed a significant risk as it could have allowed a malicious validator to compromise the entire State Guardian Network and its associated applications, including the widely-used Celer cBridge, which currently boasts a Total Value Locked (TVL) of over $130 million.

Jump Crypto promptly reported the vulnerability to the Celer team, who acted swiftly to address the issue. Fortunately, no instances of malicious exploitation were detected before the flaw was patched.

Celer's cross-chain communication and bridging products rely on the State Guardian Network (SGNv2), based on the Cosmos Proof of Stake (PoS) blockchain. Validators within the SGN monitor Celer's onchain contracts for incoming messages or transfers and facilitate their execution on the destination chain.

While the onchain smart contracts of major bridge providers undergo rigorous scrutiny, thanks to their open-source nature and bug bounty programs, the same level of scrutiny is often lacking for off-chain components.

Celer, like other bridge providers, relies on closed-source implementations and centralized components for off-chain operations, which may not be subject to the same bug bounty programs. This gap in security measures can leave these systems vulnerable.

Security Measures By Celer

To their credit, Celer has implemented defense-in-depth measures to mitigate the risks associated with this vulnerability. Outgoing transfers of high value are deliberately delayed, and the VolumeControl mechanism limits the extraction of tokens within a short timeframe. Moreover, designated Governor addresses can pause Celer's core contracts, triggering an emergency halt in the event of under-collateralization caused by malicious transfers.

Despite these safeguards, it is important to note that Celer's built-in mechanisms primarily protect its bridge contracts. As a result, Decentralized Applications (dApps) built on top of Celer's inter-chain messaging system remain exposed to these vulnerabilities. Celer is actively exploring potential solutions, such as implementing a dApp safeguard, to address this issue.

What is Celer Network:

Celer Network is the leading inter-blockchain and cross-layer communication platform in the industry. The protocol offers fast, secure, and cheap bridging between multiple chains. The Celer ecosystem comprises three unique products: inter-chain Message Framework, cBridge, and Layer2.Finance.

Where to find Celer Network:

Website | Telegram | Twitter | Discord |

Related News