AirSwap reported that its development team had detected a ‘critical vulnerability’ in a recently launched AirSwap smart contract. In a blog post published on Medium, AirSwap, a decentralized token-trading platform built on the Ethereum blockchain, revealed that on 12th September its internal security review team identified a major flaw in the smart contract on the mainnet.
The vulnerability would have allowed an attacker to perform a swap with another party without requiring that party's signature. It was stated that the vulnerable code was active in the system for less than 24 hours and that only a few addresses were affected. The article stated,
“When the issue was detected, the team immediately rolled back AirSwap Instant to use the original smart contracts. Both the AirSwap Instant and Trader products are no longer affected by the vulnerability.”
The AirSwap team also carried out several remediation steps after the vulnerability was reported. The dev team began identifying affected users and started the process of de-risking [the process of protecting user assets without alerting the network]. All vulnerable components were removed from the production AirSwap UI and from all related tools.
AirSwap released a statement of apology and remarked,
“We would like to deeply apologize to our affected users for any inconvenience these vulnerabilities may have caused, and hope that the important lessons we continue to learn throughout these processes form the basis for a more open, secure, and efficient trading environment.”