0x, an open protocol for the peer-to-peer exchange of assets on the Ethereum blockchain, shut down its v2 Exchange because of a flaw in its Exchange contract, which was identified by third-party security researcher Sam Sun. According to Will Warren, CEO and co-founder of 0x:
“This vulnerability would allow an attacker to fill certain orders with invalid signatures. This vulnerability does not affect the ZRX token contract; your digital assets are safe.”
The vulnerability in 0x’s Exchange contract could have had a detrimental effect, as it could have been used to validate signatures, cancel or conduct orders, and conduct transactions. To limit the harm, 0x shut down the Exchange contracts and Asset Proxy contracts, which are responsible for performing these functions, at 7:45 PM PT. Fortunately, no harm was done in the meantime and users’ funds were safe.
However, shutting down the Exchange contracts and Asset Proxy contracts meant that the already deployed 0x contracts could not be processed, so the 0x team deployed a patched version of the Exchange and Asset Proxy contracts. Users were asked to reset allowances for the new Asset Proxy contracts, and the team would “point to the patched and newly deployed Exchange and AssetProxy contracts as well as clear their orderbooks of outstanding orders.”
The CEO, who was still tending to the matter, told the community that the team would publish a formal post-mortem blog post in a few days. He also encouraged white hat hackers and community members to keep identifying such potential vulnerabilities as the team continues its bug bounty program.