Token trading project AirSwap discloses "critical vulnerability" in new smart contract

DEX • September 14, 2019, 4:29PM EDT
Partner offers
The Block may may earn a commission if you use our partner offers, at no extra cost to you.

AirSwap, a peer-to-peer token trading network built on Ethereum, has disclosed that it has found a critical vulnerability in its newly released smart contract. Under certain conditions, the vulnerability would allow an attacker to perform a token swap without requiring a counterparty to sign off on the trade.

According to AirSwap, the vulnerability was only present in its system for less than 24 hours, with ten accounts identified as "at risk." After identifying the vulnerability, the AirSwap team rolled back its AirSwap Instant product to its original smart contracts. The team also contacted all affected users and "developed exploit code to proactively drain all vulnerable funds in the AirSwap contracts" into a withdrawal contract only accessible to the owner of the drained tokens.

AUTHOR

Steven Zheng profile picture Steven Zheng

Steven Zheng is a researcher for The Block. He joined The Block in August 2018. Steven graduated from St. John’s University with a degree in economics. Previously, he covered blockchain and crypto at Radicle, a startup analytics firm. He also had brief stints at Cheddar, a media startup, and Bowery Capital, a venture capital firm. He owns bitcoin. Follow Steven on Twitter at: @Dogetoshi

See More

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News
Connect with the block on

More by Steven Zheng