BlockChain News

0x Team Stops Trading to Patch Critical Vulnerability

The decentralized exchange protocol 0x has been suspended by the core developing team after discovering a vulnerability in its code.

According to a blog post, the 0x project was made aware of a potential exploit in its Exchange smart contract by a third-party security researcher – Sam Sun. The affected contract is responsible for filling and canceling orders, as well as executing transactions and registering new contracts.

0x Trading Halted to Patch the Exploit

The vulnerability would have allowed attackers to fill orders with invalid signatures. The 0x team has immediately halted trading on its platform and released an updated version of the affected smart contract. According to 0x co-founder, Will Warren, no user funds have been affected:

This vulnerability would allow an attacker to fill certain orders with invalid signatures. This vulnerability does not affect the ZRX token contract; your digital assets are safe.

Warren added that after verifying the vulnerability the team decided to shut down the v2.0 Exchange and all AssetProxy contracts to prevent attackers from being able to exploit the vulnerability.

While the vulnerability hasn’t been exploited as far as the team is aware, the functionality of the decentralized exchange has been hampered. Projects that are intertwined with the 0x protocol have to update their code as well, to point to these updated contracts.

Warren indicated that the 0x team will issue a post-mortem once it is certain that no other smart contracts are at risk. Furthermore, 0x will continue offering generous bug bounties to white hat hackers that help identify vulnerabilities.

Smart Contract

Decentralized Protocols Still Centralized

The project’s team is also looking to discuss the issue with the community to make sure all smart contract security practices for 0x protocol are transparent, rigorous, and community-vetted.

The immediate response from the team has helped avert any unpleasant situations for its users, but this particular incident also highlights that decentralized exchange protocols still remain centralized.

Backdoors for decentralized protocols in their smart contracts, either disclosed or hidden, are a double-edged sword. On one hand, it helps prevent failures and exploits with quick fixes, such as in this case. On the other, centralized decision making will see protocols fail the censorship and regulation test. Whether projects will be able to find an elegant solution for this, remains to be seen.

How should decentralized exchange protocols position themselves? Should they sacrifice decentralization or run a higher risk of vulnerability exploitation? Let us know your thoughts in the comments below.


Images courtesy of Shutterstock.

As a trusted news outlet in the blockchain and cryptocurrency industry, BeInCrypto
always strives for the highest journalistic standards and adheres to a strict set
of editorial policies. BeInCrypto is an independent website with authors and management
that may personally invest in cryptocurrencies or blockchain startups.

Related posts

Woz U and BlockGeeks Announce New Partnership, offering Career Training with Expertise in Blockchain Technology.

Jenny

A Race Is on to Put Poker on Blockchain: What Qualities Does the Winning Platform Need?

Jenny

Binance Identifies Dusting Attacks Deployed on Litecoin Network

Jenny