Security agency: 0x Exchange contract malicious pending order can disrupt normal trading order

Yesterday, the decentralized exchange agreement 0x project party said it found serious security holes. PeckShield security personnel followed up and found that the 0x Exchange contract was flawed in verifying the order signature, causing the attacker to make a malicious pending order, which in turn sold the user's digital assets at a low price, disrupting the normal trading order. Fortunately, the project side found and fixed the problem in time. As of now, no real attack has occurred and no digital asset loss has occurred. 0x protocol The contract code for this vulnerability is mainly the problem of writing the signature verification function in the inline assembly code. The direct writing of the assembly code is very useful in the case that the compiler cannot optimize the contract code, and the controllability is stronger and can be improved. Execution efficiency reduces the consumption of Gas, but writing Solidity assembly code requires a very familiar understanding of the EVM operating mechanism, otherwise EVM…

What do you think?

0 points
Upvote Downvote

WANCHAIN Price Prediction Today: Daily (WAN) Value Forecast – July 14

The second half of local life service: the traffic harvesting model is difficult for a long time, digital empowerment is the future