The 0x protocol developers were forced to temporarily suspend the work of the decentralized exchange, explaining this by the discovered vulnerability in the smart contract code.
The project team in the publication on Medium, a third-party security researcher samczsun, warned team 0x about vulnerabilities in the smart contract of the exchange, and after its report, the team suspended the execution of the exchange contract and AssetProxy contracts.
The vulnerability would allow an attacker to execute orders with invalid signatures. The ad says that no one took advantage of this vulnerability, and no user has lost their funds.
“Unfortunately, this also means that currently deployed to 0x contracts cannot process transactions and cannot be used. An updated version of the exchange contract that fixes this vulnerability, and the new AssetProxy contracts are being deployed in the Ethereum core network, and we expect them to be ready for use later in the near future. ”
Finally, the team notes that this vulnerability is not contained in the contract with the ZRX token and that user funds are safe. They thanked security researchers and encouraged other white hackers to participate in the 0x program:
“We also want to express our most sincere thanks to samczsun. We continue to offer a generous reward for errors found for “white hackers” and community members who identify potential vulnerabilities. ”
In 2017, the authors of the protocol of the decentralized exchange 0x collected
$ 24.5 million on ICO, selling 500 million ZRX tokens. And in May of this year, it became known that 0x and StarkWare are working
above the performance gains of decentralized exchanges.