Virtuals Protocol Fixes Bug, Pledges Reward for Researcher's Discovery

An anonymous security researcher has identified a critical vulnerability in Virtuals Protocol's audited contract, prompting an urgent fix.

An unexpected bug discovered in an audited smart contract has prompted Virtuals Protocol, a blockchain company focused on artificial intelligence agents, to promptly issue a fix and restart its bug bounty program.

On December 3, 2024, anonymous security researcher Jinu contacted Virtuals Protocol after discovering a bug in one of the company's audited contracts. However, after reporting the issue, Jinu learned that the company did not have an active bug bounty program, meaning the discovery was not eligible for a reward.

White Hat Hacker Reveals Flaw

According to Jinu, the Virtuals Protocol team has also shut down the Discord group created specifically for reporting vulnerabilities. In an X thread, Jinu said:

“The vulnerability is very simple and could impact the virtual ecosystem (but virtual probably doesn’t care about security).”

Jinu explained to Cointelegraph that the vulnerability was related to a lack of validation when creating AgentTokens based on internal bond thresholds. “If exploited, this vulnerability would prevent AgentTokens from being created until the contract is fixed,” Jinu said. #VirtualProtocol