October 14, 2022


A lead Ethereum developer prevented a meltdown of the Avalanche ecosystem, worth $24 billion. Ethereum developer Péter Szilágyi published his vulnerability report detailing how a bug discovered in Avalanche could bring down the entire network. On March 29, 2022, Szilágyi discovered a bug in Avalanche's PeerList package that could easily be exploited by an attacker. He contacted the Avalanche development team, who quickly patched the vulnerability.

The Avalanche network communicates using a set of PeerLists that can only be sent by validating nodes. The only hurdle, Szilágyi explained, is that an attacker would need to put up 2,000 AVAX tokens to join as a validating node and then send a malicious PeerList packet to network nodes.

Szilágyi explained: "Since all nodes in the network connect to all validators, this is instant death for the entire network." He added: "The price is of course 2000 AVAX, but I consider it acceptable because a good short can make a nice profit, and the network still recovers after a few hours, so the long-term value is not lost due to malicious control."

As of March 2022, the market value of the Avalanche network was estimated to be over $24 billion. If the vulnerability had been exploited in a malicious attack, the disruption to the ecosystem would have been fatal.

When the DeFi protocol Pangolin was introduced on Avalanche in February 2021, the network encountered a “cross-chain termination” error that forced it into “self-healing mode.” At the time, there was a high load on the Avalanche network, which caused some validators to accept some invalid mint transactions. As a result, the network had to stop all transactions for several hours. Developers quickly fixed the issue and completed all pending transactions.

