Ethereum decentralized exchange protocol AirSwap’s developers announced that they discovered a critical vulnerability in the system’s new smart contract.
Ethereum (ETH) decentralized exchange protocol AirSwap’s developers announced that they have discovered a critical vulnerability in the system’s new smart contract.
AirSwap’s team announced its findings and a possible solution for all potentially affected users in a Medium post published on Sept. 13.
A limited vulnerability
Per the release, on Sept. 12 AirSwap’s development team found a vulnerability in a new smart contract, which has already been reverted to an older version in under 24 hours after the discovery. The exploit in question could have allowed an attacker to perform a swap without requiring a signature from a counterparty under certain conditions. The scope of the vulnerability is reportedly limited:
“The affected code was present in the AirSwap system for under 24 hours, and only affects some users of AirSwap Instant between midday September 11th and early morning of September 12th. We initially identified 20 vulnerable addresses matching this pattern and quickly reduced it to 10 accounts that are currently at risk.”
Only nine addresses are at risk
AirSwap notes that the exploitable smart contract was reverted immediately after the issue has been detected and that “both the AirSwap Instant and Trader products are no longer affected by the vulnerability.” The release also discloses the nine Ethereum addresses that used the exploitable functionality during that time period.
It is noted that only the owners of those nine addresses are required to take any action to prevent loss of funds. More precisely, it is necessary that they revoke the authorization for the vulnerable smart contract by visiting the following link.
As Cointelegraph reported in mid-July, the Ethereum smart contract of 0x decentralized exchange protocol has been suspended after a vulnerability has been uncovered in its code.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.