Avalanche shared an update on Wednesday notifying users of a bug ‘how web browsers handle confidential information’ declare that the move is part of industry-wide effort to improve the security of crypto wallets.
The post described the bug as “historic, low-risk” with no history of losing money. The bug is not from the wallets nor does it affect mobile apps, Avalanche confirmed; is more likely the result of kinks in the normal browser caching process.
A possible scenario of an exploit is when a wallet’s 24-word seed phrase (recovery) is recorded in a file in plain text format when a user types in a browser. Attackers can obtain this file before it is overwritten and while the mnemonic is still stored on the device’s storage disk, thereby gaining the user’s seed phrase. Similarly but in a case where the cached seed phrase is secured on a cloud platform, attackers can illegally gain access to a user’s cloud storage space and steal the seed phrase.
Only web wallet users are potential targets
The post clarified that users whose seed phrases are created for accounts on hardware wallets are not affected by the bug. Those likely to be affected include users who opened web wallets prior to the March 25 patch.
“If you created an account in a web wallet and the browser incorrectly cached (temporarily saved) your seed phrase on disk, and then you later entered the seed phrase into a hardware wallet, you are possibly affected.”
Avalanche advised users who are using or have previously used web wallets in relation to their seed phrase to take precautionary measures such as migrating to hardware wallet solutions.
MasterCard executives hailed subnet technology as the innovation the blockchain space has been waiting for
In a webinar session Tuesday with Ava Lab’s John Nahas, MasterCard’s VP of Product and Innovation, Harold Bosse noted that Avalanche’s subnets allow users to achieve what they previously couldn’t on the public blockchain . His comments were in response to a question from Nahas about how subnetting provides a differentiator. The bosses added that the game plan is for the subnets to operate like the internet today.
Chainlink VRF and Chainlink Keepers launch on Avalanche
Elsewhere on the Avalanche network, a decentralized hyper-reliable network for automating smart contract execution Chainlink Keepers and Chainlink VRF, a secure verifiable random number generator for smart contract developers, have been officially launched. An announcement sent out last Thursday revealed that Avalanche developers have found a new way to ensure zero downtime with Chainlink Keepers.
Chainlink Keepers will also help developers improve the security of DevOps activities delegated to their smart contracts. Other benefits include a reduction in time to market for apps, a lighter workload, the introduction of sophisticated features, and a streamlined UX. The launch complements steps Avalanche has taken to improve the experience for developers on the network.
Chainlink Keepers for smart contract automation
The functionality of the tool will relieve Avalanche developers of most tasks, as they can create use cases that are independent of the centralized automation process.
As a decentralized transaction automation service, Chainlink Keepers allows developers to use custom trigger points to automate any smart contract operation. You can set pre-determined requirements that Keepers monitor regularly and when they are met, on-chain transactions are sent to execute the smart contract. Better still, the service is protected by the same untouchable Sybil-resistant nodes that help secure multi-billion dollars across the Chainlink price feeds.
Several smart contract functions such as liquidating specific positions, harvesting income and executing limit orders can be automated.
Chainlink VRF for tamper-proof randomization
With Chainlink VRF, developers get a handy tool that acts as a random number generator whose trusted and tamper-proof nature inspires trust. Through the platform, Avalanche developers can now build apps that use verifiable randomization to help secure non-fungible token minting, deliver fair in-game results, randomly select governance members to complete specific activities, and more other utilities in DeFi, NFT, DAOs.
Among other benefits, VRF allows multiple random outputs to be bundled into a single transaction through the VRF coordinator. This reduces both cost and latency. Additionally, multiple address subscription delegation allows for up to 100 smart contracts, providing streamlined fund management for Avalanche developers dealing with multiple smart contracts.
Avalanche (AVAX) will be listed on the leading Japanese exchange OKCoin
Last Friday, the Avalanche team announced that AVAX, the network’s native token, would be listed on OKCoin Japan. The listing will improve token availability for users in the Asian country and will help in general adoption.
To learn more about Avalanche, visit our Investing in Avalanche guide.