The decentralized exchange protocol has been suspended by the core development team after discovering a vulnerability in its code.
According to a blog post, the 0x project was made aware of a potential exploit in its Exchange smart contract by a third-party researcher, Sam Sun. The affected contract is responsible for filling and canceling orders, as well as executing transactions and registering new contracts.
The vulnerability would have allowed attackers to fill orders with invalid signatures. The 0x team has immediately halted trading on its platform and released an updated version of the affected smart contract. According to 0x co-founder, Will Warren, no user funds have been affected:
This vulnerability would allow an attacker to fill certain orders with invalid signatures. This vulnerability does not affect the ZRX token contract; your digital assets are safe.
Warren added that, after verifying the vulnerability, the team decided to shut down the v2.0 Exchange and all AssetProxy contracts to prevent attackers from being able to exploit it.
While the vulnerability hasn’t been exploited as far as the team is aware, the functionality of the decentralized exchange has been hampered. Projects that are intertwined with the 0x protocol have to update their code as well, to point to these updated contracts.
Warren indicated that the 0x team will issue a post-mortem once it is certain that no other smart contracts are at risk. Furthermore, 0x will continue offering generous bug bounties to white hat hackers that help identify vulnerabilities.
The project’s team is also looking to discuss the issue with the community to make sure all smart contract security practices for 0x protocol are transparent, rigorous, and community-vetted.
The immediate response from the team has helped avert any unpleasant situations for its users, but this particular incident also highlights that decentralized exchange protocols still remain centralized.
Backdoors in the smart contracts of decentralized protocols, whether disclosed or hidden, are a double-edged sword. On one hand, they help prevent failures and exploits with quick fixes, as in this case. On the other, centralized decision making will see protocols fail the censorship and regulation test. Whether projects will be able to find an elegant solution for this remains to be seen.
How should decentralized exchange protocols position themselves? Should they sacrifice decentralization or run a higher risk of vulnerability exploitation? Let us know your thoughts in the comments below.