Gitcoin logo
August 26, 2022

Critical Security Vulnerability Patched 2017/11/10

At 4:15pm MST today, the Gitcoin team was notified of a critical security vulnerability in their smart contract:

Able to steal fund (github)

At 4:55 pm MST, the Gitcoin team committed a fix to their smart contract:

At 4:57 pm MST, we began the process of migrating all the active Funded Issues from the old Smart Contract, to the new smart contract, located at 0xb10700b5ece20a3c65b047f76fd3dc13720bd30e

We are thankful to github user NickErrant, who disclosed this security vulnerability to us. This user will be receiving a Gitcoin Security Bounty for their work on this issue.

No funds were lost due to this security vulnerability, but they could have been. The Gitcoin team is planning on deploying a migration to a fully audited smart contract in the very near future. An announcement about this is expected next week.

Featured Posts

Announcing: Zuzalu QF Grants Program on Grants Stack

Announcing: The Village Infra on Polygon#1 Round on Grants Stack

Gitcoin Grants Round 19: Results and Recap

loading
loading