0x DEX Protocol Suspended Because of Vulnerability, Funds Safe

Published at: July 13, 2019

The Ethereum (ETH) smart contract of the 0x (ZRX) decentralized exchange (DEX) protocol has been suspended after a vulnerability was uncovered in its code, the project’s team announced in a Medium post published on July 13.

Per the announcement, third-party security researcher samczsun warned the 0x team about the vulnerability in the exchange smart contract and, after evaluating it, the team suspended the exchange’s contract and the AssetProxy contracts.

The vulnerability would have allowed an attacker to fill certain orders with invalid signatures. The announcement states that no one has exploited this vulnerability and no users have lost their funds. The only consequence is apparently a temporary suspension of the service:

“Unfortunately, this also means the currently deployed 0x contracts cannot process trades and are unable to be used. A patched version of the Exchange contract — that we are confident fixes this vulnerability — and new AssetProxy contracts are being deployed to the Ethereum mainnet and we expect them to be ready to use later tonight.”

Lastly, the team notes that the vulnerability is not contained in its ZRX token contract and that user funds are safe. They thanked the security researchers while inviting other white hat hackers to participate in 0x’s bug bounty program:

“We also want to extend our sincerest gratitude to samczsun. We continue to offer a generous bug bounty to white hat hackers and community members that identify potential vulnerabilities.”

As Cointelegraph reported in October last year, ZRX was the first ERC20 token to be listed on the Coinbase cryptocurrency exchange.

At the beginning of May, the Tron Foundation disclosed a fixed vulnerability that could have crashed its blockchain.
