Virtuals Protocol, a blockchain company specializing in artificial intelligence agents, rapidly addressed a critical vulnerability in its smart contract following a disclosure by an anonymous security researcher known as Jinu. The issue was identified on December 3, revealing a flaw in the process of creating AgentTokens based on internal bond thresholds. If left unaddressed, this vulnerability could have halted the generation of these tokens.
The discovery caught Virtuals Protocol off-guard as they had no active bug bounty program at the time, leaving the researcher without a reward. Initially, the company even closed a Discord channel dedicated to handling such reports. Despite these initial setbacks, Virtuals Protocol swiftly rectified the contract flaw after Jinu publicized the vulnerability on social media platform X.
Acknowledging the oversight, Virtuals Protocol officials reached out to Jinu, expressing gratitude and apologizing for communication gaps. They committed to reviewing the severity of the vulnerability and assured the researcher a bug bounty was forthcoming.
Jinu, who stumbled upon the bug while examining the protocol’s code prompted by a friend’s investment, highlighted the lax validation in the contract creation process. Without familiarity with standard bounty rewards, Jinu remains uncertain about the potential compensation.
Cointelegraph has approached Virtuals Protocol for further comments on their forthcoming decisions regarding the bounty.