The Ethereum (ETH) smart contract of the 0x (ZRX) decentralized exchange (DEX) protocol has been suspended after a vulnerability was uncovered in its code, the project’s team announced in a Medium post published on July 13.
Per the announcement, third-party security researcher samczsun warned the 0x team about the vulnerability in the exchange smart contract and, after evaluating it, the team suspended the exchange’s contract and the AssetProxy contracts.
The vulnerability would have allowed an attacker to fill certain orders with invalid signatures. The announcement reassures users that no one has exploited this vulnerability and no users have lost their funds. The only consequence is apparently a temporary suspension of the service:
“Unfortunately, this also means the currently deployed 0x contracts cannot process trades and are unable to be used. A patched version of the Exchange contract — that we are confident fixes this vulnerability — and new AssetProxy contracts are being deployed to the Ethereum mainnet and we expect them to be ready to use later tonight.”
Lastly, the team notes that the vulnerability is not contained in its ZRX token contract and that user funds are safe. They thanked the security researchers while inviting other white hat hackers to participate in 0x’s bug bounty program:
“We also want to extend our sincerest gratitude to samczsun. We continue to offer a generous bug bounty to white hat hackers and community members that identify potential vulnerabilities.”
As Cointelegraph reported in October last year, ZRX was the first ERC20 token to be listed on the Coinbase cryptocurrency exchange.
At the beginning of May, the Tron Foundation disclosed a fixed vulnerability that could have crashed its blockchain.