Gitcoin logo
Our Blog
August 26, 2022

Critical Security Vulnerability Patched 2017/11/10

On this page

At 4:15pm MST today, the Gitcoin team was notified of a critical security vulnerability in their smart contract:

Able to steal fund (github)

At 4:55 pm MST, the Gitcoin team committed a fix to their smart contract:

At 4:57 pm MST, we began the process of migrating all the active Funded Issues from the old Smart Contract, to the new smart contract, located at 0xb10700b5ece20a3c65b047f76fd3dc13720bd30e

We are thankful to github user NickErrant, who disclosed this security vulnerability to us. This user will be receiving a Gitcoin Security Bounty for their work on this issue.

No funds were lost due to this security vulnerability, but they could have been. The Gitcoin team is planning on deploying a migration to a fully audited smart contract in the very near future. An announcement about this is expected next week.

Use Gitcoin Grants Stack to run your own funding program

Read more
Featured Posts

Gitcoin Grants 20: Results & Recap

Announcing the Aave & GHO Ecosystem Advancement QF Round

Announcing: Gitcoin Grants 20