Our Blog

August 26, 2022

Product Updates

by

Critical Security Vulnerability Patched 2017/11/10

On this page

At 4:15pm MST today, the Gitcoin team was notified of a critical security vulnerability in their smart contract:

Able to steal fund (github)

At 4:55 pm MST, the Gitcoin team committed a fix to their smart contract:

At 4:57 pm MST, we began the process of migrating all the active Funded Issues from the old Smart Contract, to the new smart contract, located at 0xb10700b5ece20a3c65b047f76fd3dc13720bd30e

We are thankful to github user NickErrant, who disclosed this security vulnerability to us. This user will be receiving a Gitcoin Security Bounty for their work on this issue.

No funds were lost due to this security vulnerability, but they could have been. The Gitcoin team is planning on deploying a migration to a fully audited smart contract in the very near future. An announcement about this is expected next week.

Read more

Featured Posts

All About Allo: Gitcoin’s newest protocol enabling communities to allocate pooled funds

Gitcoin Grants Stack: Your Complete Solution for Grants Program Management

Gitcoin Passport Launches Galxe Integration & “Anti-Sybil Assembly” NFTs

July 26, 2023

loading

loading