Developers of Ethereum DEX Protocol AirSwap Disclose Critical Exploit

Published at: Sept. 15, 2019

Ethereum (ETH) decentralized exchange protocol AirSwap’s developers announced that they have discovered a critical vulnerability in the system’s new smart contract.

AirSwap’s team announced its findings and a possible solution for all potentially affected users in a Medium post published on Sept. 13.

A limited vulnerability

Per the release, on Sept. 12 AirSwap’s development team found a vulnerability in a new smart contract, which was reverted to an older version less than 24 hours after the discovery. Under certain conditions, the exploit in question could have allowed an attacker to perform a swap without requiring a signature from a counterparty. The scope of the vulnerability is reportedly limited:

“The affected code was present in the AirSwap system for under 24 hours, and only affects some users of AirSwap Instant between midday September 11th and early morning of September 12th. We initially identified 20 vulnerable addresses matching this pattern and quickly reduced it to 10 accounts that are currently at risk.”

Only nine addresses are at risk

AirSwap notes that the exploitable smart contract was reverted immediately after the issue was detected and that neither the AirSwap Instant nor Trader products are affected by the vulnerability. The release also discloses the nine Ethereum addresses that used the exploitable functionality during that time period.

Only the owners of the nine addresses are required to take any action to prevent the loss of funds. More precisely, it is necessary that they revoke the authorization for the vulnerable smart contract by visiting the following link.

As Cointelegraph reported in mid-July, the Ethereum smart contract of the 0x decentralized exchange protocol was suspended after a vulnerability was uncovered in its code.
