The engineers at AirSwap – the Ether-based decentralized exchange protocol – has disclosed their encounter with a highly serious exploit in the new smart contract of the network.
All the related information, including the discovery details, as well as their viable next step to take to resolve any issue clients may have faced have been published via a Medium post on September 13.
Specifically, on September 12, a serious exploitable point within the new smart contract has been caught under AirSwap team’s radar, which has been changed back into its previous version only 1 day following the encounter.
The vulnerability could have been manipulated by hackers to conduct a swap – with the absence of a signature provided by a counterparty, bound by a number of particular terms.
“The affected code was present in the AirSwap system for under 24 hours, and only affects some users of AirSwap Instant between midday September 11 and early morning of September 12. We initially identified 20 vulnerable addresses matching this pattern and quickly reduced it to 10 accounts that are currently at risk.”
The problem was quickly handled following its appearance, and “both the AirSwap Instant and Trader products” are free from any risk can be caused by the exploitable smart contract. Only 9 Ethereum accounts has had association with the vulnerable smart contract within the timeframe. These account owners have also been advised to act quickly to prevent any future damage.