
0x suspends its DEX after finding major security flaw

chepicap.com, 13 July 2019 23:59 UTC

The team behind 0x has shut down its decentralized exchange after a bug was found. No funds were affected, but all users were migrated to a newer version of the platform.

The 0x protocol is built on the Ethereum (ETH) blockchain, and was designed to allow the peer-to-peer exchange of crypto assets. Its associated ZRX token currently has a market cap of $153 million, and was listed on Coinbase towards the end of last year. 

According to a blog post from 0x head Will Warren, the security flaw was spotted by third-party security researcher samczsun. The white hat hacker found a vulnerability in the 0x smart contract that would allow an attacker to fill certain orders with invalid signatures.

The post claims that the team "used the AssetProxyOwner contract to shut down the v2.0 Exchange and all AssetProxy contracts to prevent this vulnerability from being exploited. The contracts were shut down at approximately 7:45 PM PT. To the best of our knowledge, no one has exploited this vulnerability and no user funds have been lost". This latter statement was confirmed a few hours later. After another two hours, the team had created a patch for the software, and released contract addresses for users to update to.

3) I expect that there will be a number of discussions around smart contract security practices, emergency shut off switches, decentralization*, DAOs, and governance. This will be healthy for both the 0x and broader Ethereum community as user numbers grow and the stakes increase.

— Will Warren (@willwarren89) July 13, 2019

A discussion arose on Twitter about how decentralized the 0x DEX could be if the team was able to shut down trading in this way. While the team's governance of the network was praised, some claimed that their action was effectively the same as any other type of censorship.

Decentralized exchange 0x temporarily shut down after finding a vulnerability. The first question people will ask (after realizing funds are safe) is how decentralized is the exchange if it’s able to do that, and does it matter if a degree of control means they can protect users. https://t.co/UKp3fOo6X2

— Camila Russo (@CamiRusso) July 13, 2019

Decentralized does not have to mean ungoverned.

This is a good thing and hats off to the team that saw a problem and urgently took corrective action to help the community.

— Karl Moz (@KarlMozurkewich) July 13, 2019

There is no absolute “centralized” or “decentralized”. It’s a scale, and 0x is much closer to Bitcoin than to Chase Bank on that scale.

— Chris Blec (@ChrisBlec) July 13, 2019