Developers of Ethereum DEX Protocol AirSwap Disclose Critical Exploit

Ethereum decentralized exchange protocol AirSwap’s developers announced that they discovered a critical vulnerability in the system’s new smart contract.

Ethereum (ETH) decentralized exchange protocol AirSwap’s developers announced that they have discovered a critical vulnerability in the system’s new smart contract.

AirSwap’s team announced its findings and a possible solution for all potentially affected users in a Medium post published on Sept. 13.

A limited vulnerability

Per the release, on Sept. 12 AirSwap’s development team found a vulnerability in a new smart contract, which has already been reverted to an older version in under 24 hours after the discovery. The exploit in question could have allowed an attacker to perform a swap without requiring a signature from a counterparty under certain conditions. The scope of the vulnerability is reportedly limited:

“The affected code was present in the AirSwap system for under 24 hours, and only affects some users of AirSwap Instant between midday September 11th and early morning of September 12th. We initially identified 20 vulnerable addresses matching this pattern and quickly reduced it to 10 accounts that are currently at risk.”

Only nine addresses are at risk

AirSwap notes that the exploitable smart contract was reverted immediately after the issue has been detected and that “both the AirSwap Instant and Trader products are no longer affected by the vulnerability.” The release also discloses the nine Ethereum addresses that used the exploitable functionality during that time period.

It is noted that only the owners of those nine addresses are required to take any action to prevent loss of funds. More precisely, it is necessary that they revoke the authorization for the vulnerable smart contract by visiting the following link.

As Cointelegraph reported in mid-July, the Ethereum smart contract of 0x decentralized exchange protocol has been suspended after a vulnerability has been uncovered in its code.

Visit the USSA News store!
Click this link for the original source of this article.
Author: Adrian Zmudzinski


This content is courtesy of, and owned and copyrighted by, https://cointelegraph.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact the USSANews.com administrator by using the contact form located in the top-left menu. Your request will be immediately honored. Please visit https://cointelegraph.com for more terrific, conservative content. The owner of this website may be paid to recommend American Bullion. The content of this website, including the positive review of American Bullion, the negative review of its competitors, and any other information may not be independent or neutral.

USSANews.com