The Libra open-source scripting language Move featured a vulnerability which would have allowed hackers to manipulate the network’s smart contracts.
The bug was discovered by the OpenZeppelin blockchain security firm. OpenZeppelin also provides its services to other leading crypto businesses including Coinbase, Brave browser, and the Ethereum Foundation.
The Libra team quickly patched the bug once the firm revealed its findings.
The Move scripting language allows programmers to define custom resource types, in which a resource cannot be copied or erased, but only have their storage locations changed. The vulnerability was present in Move’s intermediate representation language compiler which allowed the manipulation of inline comments, through which malicious code could have been propagated through the network.
“As cryptocurrency continues to grow in popularity, it is vital for companies to audit and ensure that their networks are secure. Libra is groundbreaking, and it’s great how they involve the community by open-sourcing their…