
The UXLink social platform said on Wednesday that it had deployed a new contract on Ethereum after a compromised multisignature wallet allowed attackers to mint billions of unauthorized tokens, crashing the value of its native asset.
UXLink said its new smart contract has passed a security audit and will be deployed on the Ethereum mainnet. The project said that the new contract drops the mint function to prevent similar incidents in the future.
The project confirmed the breach on Tuesday, saying that a large amount of crypto was transferred to exchanges. Loss estimates from the hack vary, with Cyvers estimating at least $11 million stolen and another estimate putting the number at more than $30 million.
What is clear is that the incident highlighted smart contract security flaws that projects should address. “The incident highlighted the risk of rushing forward without the necessary security layers.”
UXLink exploit highlights the risk of “centralized control”
The attackers took control of the UXLink smart contract by compromising a multisignature wallet and initially minted two billion UXLINK. The token's price fell 90%, from $0.33 to $0.033, as the attacker continued minting, with a security company estimating the total at approximately 10 trillion tokens.
Hachem told Cointelegraph that UXLink’s breach stemmed from a delegate call vulnerability in the multisignature wallet. This allowed the attacker to run arbitrary code and take over administrative control of the contract. He added that this led to the minting of unauthorized tokens.
“This really highlights some of the design flaws in UXLink's setup,” Hachem told Cointelegraph. “The multisignature wallet was not properly protected from delegate call exploits, and the controls on who can mint were not built into the token to enforce the supply cap.”
Hachem said that, at the end of the day, this shows how dangerous it is “maintaining a lot of centralized control in projects that claim to be decentralized.”
The need for timelocks, hardcoded caps and better audits
From a technical point of view, Hachem said that the UXLink hack could have been avoided with some standard safeguards.
This includes adding timelocks to sensitive actions such as minting new tokens or changing contract ownership. Hachem said: “A delay of 24 to 48 hours gives the community a chance to spot anything unusual before it goes through.”
The second solution involves renouncing mint privileges right after launching the token, so that no one can create more. Hachem said that hardcoding caps directly into smart contracts would prevent the risk of new tokens being minted.
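The three safeguards described above (a mint delay, a cap fixed in the contract, and renounced mint rights) can be seen together in one mint path. This is an added illustration, not UXLink's contract or code from the article; the contract name, the cap value and the separate `guardian` veto key are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not UXLink's contract. Names and values are assumptions.
contract CappedTimelockedMint {
    uint256 public constant MAX_SUPPLY = 1_000_000_000 ether; // hardcoded cap (assumed value)
    uint256 public constant MINT_DELAY = 48 hours;            // upper end of the 24-48 hour window

    address public admin;              // e.g. the project multisig
    address public immutable guardian; // separate key that can only veto (assumption)
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    struct PendingMint { address to; uint256 amount; uint256 readyAt; }
    PendingMint public pending;
    event MintQueued(address indexed to, uint256 amount, uint256 readyAt);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    constructor(address guardian_) { admin = msg.sender; guardian = guardian_; }

    // Step 1: announce the mint on-chain; the event is what monitors watch for.
    function queueMint(address to, uint256 amount) external onlyAdmin {
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        pending = PendingMint(to, amount, block.timestamp + MINT_DELAY);
        emit MintQueued(to, amount, pending.readyAt);
    }

    // During the delay either key can cancel, so a stolen admin key can be vetoed.
    function cancelMint() external {
        require(msg.sender == admin || msg.sender == guardian, "not allowed");
        delete pending;
    }

    // Step 2: runs only after the delay; the cap is checked again at execution.
    function executeMint() external onlyAdmin {
        PendingMint memory p = pending;
        require(p.readyAt != 0 && block.timestamp >= p.readyAt, "timelocked");
        require(totalSupply + p.amount <= MAX_SUPPLY, "cap exceeded");
        delete pending;
        totalSupply += p.amount;
        balanceOf[p.to] += p.amount;
    }

    // Giving up mint rights for good: with admin set to zero nobody can queue or execute.
    function renounceMinting() external onlyAdmin { delete pending; admin = address(0); }
}
```

Because `MAX_SUPPLY` is a constant, even a caller who gains the admin role cannot mint past it, and any queued mint stays visible on-chain for the full delay before it can execute.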
On the operational side, Hachem stressed the importance of independent audits and ongoing transparency.
He said: “You can’t just audit the token. The multisig setup needs to be scrutinized as well,” urging projects to make wallet addresses public and to require multiple signers for every transaction.
The broader lesson, according to Hachem, is that even commonly used tools such as multisig governance should not be treated as bulletproof. He said that pushing for more decentralized governance and emergency stops for critical functions is also of utmost importance.
“The UXLink incident highlights that rushing forward without strong and continuous security can break the community's trust. It is better to put the defenses in place from the beginning,” Hachem told Cointelegraph.
The post UXLink Hack Shows Need for Timelocks, Hardcoded Caps and Audits first appeared on Investorempires.com.