0x exchange shuts down its v2.0 contracts after the discovery of a security vulnerability
The 0x exchange has shut down its v2.0 exchange contracts after third-party security researcher Sam Sun brought a potential security flaw to its notice. The vulnerability is present in the main 0x protocol itself, which is responsible for almost every aspect of contract execution on the platform. If exploited, it would have affected filling and canceling orders, executing transactions, validating signatures and registering new contracts in the system.
After the discovery of the security vulnerability, the CEO of the firm, Will Warren, came out to explain how this flaw could have affected the network, but also assured consumers that their ZRX contracts, as well as their digital assets, are safe. He noted,
“This vulnerability would allow an attacker to fill certain orders with invalid signatures. This vulnerability does not affect the ZRX token contract; your digital assets are safe.”
Precautions taken after the discovery of the vulnerability
Despite finding the issue before it was exploited, the firm has shut down its exchange contracts and its Asset Proxy contracts, which are used for performing asset transfers. The team working on the exchange deployed patches for the vulnerable exchange contracts and the Asset Proxy contracts over the fortnight. However, after clearing the lined-up order books, the platform asked users to reset their allowances for the new 0x Asset Proxy contracts.
Warren thanked Sam Sun for discovering the bug before it was exploited by someone and also promised a full-fledged report on the issue once the team confirms that there are no other contracts under threat. He also promised an open community dialogue to ensure that whatever security changes are made to the 0x protocol smart contracts are “transparent, rigorous and community-vetted.”
The CEO also gave assurances that Sun would be rewarded handsomely, as has been the case with 0x bug bounty hunters, for his effort in finding the security vulnerability before it caused any serious damage to the exchange or its customers.