Avalanche on Wednesday shared an update notifying users of a bug affecting ‘how web browsers handle sensitive information,’ explaining that the move is part of industry-wide efforts to improve the security of crypto wallets.
The post described the bug as a ‘historical, low risk’ one that has not resulted in any loss of funds in the past. The bug neither originates from the wallets nor affects mobile applications, Avalanche confirmed; rather is the result of kinks in the normal browser caching process.
A possible scenario of an exploit is when a wallet’s 24-word seed (recovery) phrase is recorded in a file in plaintext format when a user types into a browser. Attackers can obtain this file before it is overwritten and while the mnemonic is still held on the device’s storage disk, thus getting hold of the user’s seed phrase. In a similar way but for a case where the cached seed phrase is backed on a cloud platform, attackers can gain illegal access to a user’s cloud space and snaffle the seed phrase.
Only web wallet users make potential targets
The post clarified that users whose accounts’ seed phrases are created on hardware wallets are not affected by the bug. Those likely to be affected include users that opened web wallets prior to the being patched on March 25.
“If you created an account on a web wallet, and the browser improperly cached (temporarily stored) your seed phrase on disk, and then you typed the seed phrase into a hardware wallet at a later date, you may be affected.”
Avalanche advised users that leverage or have previously leveraged web wallets in regards to their seed phrase to take precautionary measures like migrating to hardware wallet solutions.
MasterCard exec lauds subnets technology as the innovation the blockchain space has been waiting for
In a Tuesday webinar session with Ava Lab’s John Nahas, MasterCard’s VP of Product and Innovation, Harold Bosse noted that Avalanche’s subnets empower users to accomplish what they couldn’t before in public blockchain. His remarks were in response to a question posed by Nahas on how subnets deliver a differentiating factor. Bosses added that the game plan is to have the subnets operated like the internet today.
Chainlink VRF and Chainlink Keepers launch on Avalanche
Elsewhere, decentralized hyper-reliable network used to automate smart contract execution Chainlink Keepers, and Chainlink VRF, a secure verifiable random number generator for smart contract developers, have officially launched on the Avalanche network. An announcement sent out last Thursday disclosed that with Chainlink Keepers, Avalanche developers have gained a new way to ensure zero downtime.
Chainlink Keepers will also help the devs improve the security of the DevOps activities delegated to their smart contracts. Other benefits are reduction in app go-to-market time, lower workload, introduction of sophisticated capabilities, and streamlined UX. The launch adds to the moves that Avalanche has been making toward enhancing the experience for developers on the network.
Chainlink Keepers for smart contract automation
The tool’s functionality will relieve Avalanche developers of most tasks, with the ability to construct use cases that are independent of the centralized process of automation.
Being a decentralized transaction automation service, Chainlink Keepers lets developers use customized trigger points to automate any smart contract operation. They may establish predetermined requirements that Keepers regularly monitor, and when satisfied, it sends on-chain transactions to execute the smart contract. Better yet is that the service is protected by the same inviolable Sybil-resistant nodes, which help safeguard several billions in dollar value via the Chainlink Price Feeds.
Several smart contract functionalities such as liquidation of specified positions, yield harvesting, and execution of limit orders can be automated.
Chainlink VRF for tamper-proof randomization
With Chainlink VRF, developers gain a convenient tool to serve as a random generator whose trust and tamper-proof nature assures confidence. Via the platform, Avalanche developers can now create apps that employ verifiable randomization to assist in safeguarding non-fungible token minting, provide fair in-game results, randomly choose governance members to complete particular activities, and several other utilities in DeFi, NFT, DAOs.
Among other benefits, VRF allows the bundling of multiple random outputs into a single transaction via the VRF Coordinator. This reduces both the cost and latency. In addition, subscription delegation of several addresses allows up to 100 smart contracts, allowing streamlined fund management for Avalanche developers who engage with multiple smart contracts.
Avalanche (AVAX) lists on leading Japan exchange OKCoin
Last Friday, the Avalanche team announced that AVAX, the network’s native token, would be listing on OKCoin Japan. The listing will enhance token availability to users in the Asian country, contributing to overall adoption.
To learn more about Avalanche, visit our Investing in Avalanche guide.