Our Blog
August 26, 2022
Product Updates
by
Kevin Owocki

Critical Security Vulnerability Patched 2017/11/10

On this page

Heading 2

At 4:15pm MST today, the Gitcoin team was notified of a critical security vulnerability in their smart contract:

Able to steal fund (github)

At 4:55 pm MST, the Gitcoin team committed a fix to their smart contract:

At 4:57 pm MST, we began the process of migrating all the active Funded Issues from the old Smart Contract, to the new smart contract, located at 0xb10700b5ece20a3c65b047f76fd3dc13720bd30e

We are thankful to github user NickErrant, who disclosed this security vulnerability to us. This user will be receiving a Gitcoin Security Bounty for their work on this issue.

No funds were lost due to this security vulnerability, but they could have been. The Gitcoin team is planning on deploying a migration to a fully audited smart contract in the very near future. An announcement about this is expected next week.

Read more
Featured Posts

Mint Attestations: Capturing Your Impact

October 23, 2024
Read

Announcing Allo live on Celo’s Alfajores Test Network

August 14, 2023
Read

Introducing Allo v2, the Next Phase of Community Resource Allocation Tooling

July 27, 2023
Read
loading
loading