According to BlockBeats, on January 3, Cointelegraph reported that an unexpected vulnerability was found in an audited smart contract. Virtuals Protocol released a timely fix and restarted its vulnerability reward program.
On December 3, 2024, a security researcher who goes by the pseudonym Jinu contacted Virtuals Protocol after discovering a vulnerability in a contract he had audited. However, after reporting the issue, Jinu learned that the company did not have a bug bounty program activated, meaning that the discovery was not eligible for a bounty.
Virtuals Protocol confirmed the white hat vulnerability discovery.
Although Virtuals Protocol promptly fixed the vulnerability, it has not yet announced a reward for Jinu. In a message sent to the researcher, the company thanked Jinu for reporting the issue and apologized for the earlier miscommunication.
‘Hey Jinu, we have verified the vulnerability and applied the patch. Thank you for bringing this issue to us, and we apologize for the communication issues between the support team and you. Let us assess the severity of this issue internally and issue a vulnerability reward for you soon,’ the company representative told the security researcher.
When asked about expectations for a vulnerability reward, Jinu stated that they were unclear about the typical rewards for discovering vulnerabilities. Jinu mentioned that they were interested in Virtuals Protocol because a friend invested in a token created on Virtuals.
‘I spent about 30 minutes reviewing the code to see if it was well written,’ Jinu said, before discovering the vulnerability.