UXLINK hack shows the need for timelocks, hardcoded caps and audits

Decentralized social platform UXLINK said on Wednesday that it was deploying a new contract on Ethereum after a multisignature wallet exploit allowed attackers to mint billions of unauthorized tokens and crash the value of its native asset.
UXLINK said its new smart contract has passed a security audit and been deployed to Ethereum mainnet. The project said the new contract drops the mint-and-burn function to prevent any similar incident in the future.
The project confirmed the breach on Tuesday, stating that a significant amount of crypto had been moved to an exchange. Estimates of the losses from the hack vary: security firm Cyvers estimated that at least $11 million was stolen, while another estimate put the figure at over $30 million.
What is clear is that the incident highlights smart contract security issues that projects must address. Marwan Hachem, co-founder and CEO of Web3 security firm FearsOff, told Cointelegraph that the incident highlighted the dangers of haste without the necessary security layers.
UXLINK exploit highlights “centralized control” risks
Attackers took control of the UXLINK smart contract through a breach of its multisignature wallet and initially minted 2 billion UXLINK tokens. The token price dropped 90%, from $0.33 to $0.033, as the attacker continued to mint, with one security firm estimating that nearly 10 trillion tokens were created.
Hachem told Cointelegraph that the UXLINK breach stemmed from a delegatecall weakness in its multisignature wallet. This allowed the hacker to run arbitrary code and take administrative control of the contract, which he said led to the minting of unauthorized tokens.
“It’s really a spotlight on some design flaws in UXLINK,” Hachem told Cointelegraph. “A multisignature wallet that is not properly protected from delegated calling exploits, lax controls on who can mint and no built-in code to implement the supply cap.”
Hachem said it showed how dangerous it is to “maintain excessive centralized control over projects that say they are decentralized.”
The need for timelocks, hardcoded caps and better auditing
From a technical standpoint, Hachem said the UXLINK hack could have been avoided with some common safeguards.
These include adding timelocks to sensitive actions such as minting new tokens or changing contract ownership. “A 24- to 48-hour delay gives the community an opportunity to see anything unusual before it passes,” Hachem said.
The second measure is renouncing minting privileges once the tokens are launched, so that not even an insider can create more. Hachem said hardcoding supply caps directly into smart contracts would remove the risk of new tokens being minted.
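The three controls just described (a timelock on minting, a hardcoded supply cap, and one-way renunciation of mint rights) can all live in the token contract itself. The following is an added illustrative contract written for this article, not UXLINK's code or any audited library; the contract name, the 1 billion cap, the 24-hour delay and the queue/execute design are assumptions chosen for the example. A change of contract ownership would follow the same queue, wait, execute pattern shown here for minting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal token (NOT the UXLINK contract) demonstrating:
///   1. a hardcoded, immutable supply cap enforced on every mint
///   2. a timelocked mint: the owner queues a mint, then must wait MINT_DELAY
///   3. one-way renunciation of minting once distribution is finished
contract CappedTimelockedToken {
    string public constant name = "Example Token";
    string public constant symbol = "EXT";
    uint8 public constant decimals = 18;

    // Hardcoded cap: no admin path exists to raise it (assumed value).
    uint256 public constant MAX_SUPPLY = 1_000_000_000 * 1e18;
    // Timelock for sensitive actions (24h, the low end of the quoted range).
    uint256 public constant MINT_DELAY = 24 hours;

    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    address public owner;          // expected to be a multisig or governance contract
    bool public mintingRenounced;  // one-way flag, never reset

    struct PendingMint { address to; uint256 amount; uint256 executeAfter; }
    mapping(bytes32 => PendingMint) public pendingMints;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event MintQueued(bytes32 indexed id, address to, uint256 amount, uint256 executeAfter);
    event MintCancelled(bytes32 indexed id);
    event MintingRenounced();

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    /// Step 1: queue a mint. Supply does not change yet; the emitted event is
    /// the community's signal to inspect the action during the delay.
    function queueMint(address to, uint256 amount, bytes32 salt)
        external onlyOwner returns (bytes32 id)
    {
        require(!mintingRenounced, "minting renounced");
        require(totalSupply + amount <= MAX_SUPPLY, "cap exceeded");
        id = keccak256(abi.encode(to, amount, salt));
        require(pendingMints[id].executeAfter == 0, "already queued");
        uint256 executeAfter = block.timestamp + MINT_DELAY;
        pendingMints[id] = PendingMint(to, amount, executeAfter);
        emit MintQueued(id, to, amount, executeAfter);
    }

    /// Emergency stop: a queued mint can be cancelled before it executes.
    function cancelMint(bytes32 id) external onlyOwner {
        require(pendingMints[id].executeAfter != 0, "unknown mint");
        delete pendingMints[id];
        emit MintCancelled(id);
    }

    /// Step 2: execute after the delay. The cap is re-checked here because
    /// other mints may have executed since this one was queued.
    function executeMint(bytes32 id) external onlyOwner {
        PendingMint memory p = pendingMints[id];
        require(p.executeAfter != 0, "unknown mint");
        require(block.timestamp >= p.executeAfter, "timelock active");
        require(!mintingRenounced, "minting renounced");
        require(totalSupply + p.amount <= MAX_SUPPLY, "cap exceeded");
        delete pendingMints[id];
        totalSupply += p.amount;
        balanceOf[p.to] += p.amount;
        emit Transfer(address(0), p.to, p.amount);
    }

    /// One-way: after this call no address, the owner included, can mint again.
    function renounceMinting() external onlyOwner {
        mintingRenounced = true;
        emit MintingRenounced();
    }

    function transfer(address to, uint256 value) external returns (bool) {
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }
}
```

The important property is that the cap is a compile-time constant checked inside the only code path that increases supply, so even a fully compromised owner key can create at most MAX_SUPPLY minus the current supply, and only after a public 24-hour delay during which the mint can be cancelled. Once renounceMinting() has been called, that residual risk is gone as well.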
On the operational side, Hachem emphasized the importance of independent testing and continued transparency.
“You can’t just look over the token contract. The multisig setup also requires an investigation,” he said, urging projects to publish their wallets publicly and require multiple signers on each transaction.
The wider lesson, according to Hachem, is that even commonly used tools such as multisig wallets should not be considered bulletproof. He said pushing for more decentralized governance and emergency stops for critical operations is also of great importance.
“The UXLINK incident shows that haste without stable and continuous security can break community confidence. It is best to put defenses in place from the beginning,” Hachem told Cointelegraph.
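Two points in the article concern the wallet rather than the token: the delegatecall weakness that let the attacker run arbitrary code inside the multisig, and Hachem's advice to require several signers on every transaction. The following simplified multisig executor is an added example written for this article, not the code of any real wallet product; the contract name, the approve/execute flow and the delegatecall allowlist are assumptions. It shows one defensive policy: delegatecall is refused unless the target has been explicitly allowlisted through the same threshold-approved path as any other transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical, simplified multisig (not any real wallet's code).
/// A delegatecall runs foreign code in this contract's storage context, so an
/// arbitrary one can rewrite owners/threshold and hijack every contract this
/// wallet administers. Here it is disabled unless the target is allowlisted.
contract GuardedMultisig {
    enum Operation { Call, DelegateCall }

    address[] public owners;
    uint256 public immutable threshold;
    mapping(address => bool) public isOwner;
    mapping(address => bool) public delegateAllowlist; // audited modules only
    uint256 public nonce;

    // txHash => owner => approved
    mapping(bytes32 => mapping(address => bool)) public approvals;

    event DelegateTargetAllowed(address target, bool allowed);
    event Executed(bytes32 indexed txHash, bool success);

    constructor(address[] memory _owners, uint256 _threshold) {
        // Require more than one signer, as the article recommends.
        require(_threshold > 1 && _threshold <= _owners.length, "bad threshold");
        for (uint256 i = 0; i < _owners.length; i++) {
            require(_owners[i] != address(0) && !isOwner[_owners[i]], "bad owner");
            isOwner[_owners[i]] = true;
        }
        owners = _owners;
        threshold = _threshold;
    }

    /// Hash binds the call to this wallet, chain and nonce (no replay).
    function txHash(address to, uint256 value, bytes calldata data, Operation op, uint256 _nonce)
        public view returns (bytes32)
    {
        return keccak256(abi.encode(address(this), block.chainid, to, value, data, op, _nonce));
    }

    function approve(bytes32 hash) external {
        require(isOwner[msg.sender], "not owner");
        approvals[hash][msg.sender] = true;
    }

    /// Allowlist changes go through the wallet itself (self-call via execute),
    /// so they need the same threshold of approvals as any other action.
    function setDelegateTarget(address target, bool allowed) external {
        require(msg.sender == address(this), "only via multisig");
        delegateAllowlist[target] = allowed;
        emit DelegateTargetAllowed(target, allowed);
    }

    function execute(address to, uint256 value, bytes calldata data, Operation op) external {
        bytes32 hash = txHash(to, value, data, op, nonce);
        uint256 count;
        for (uint256 i = 0; i < owners.length; i++) {
            if (approvals[hash][owners[i]]) count++;
        }
        require(count >= threshold, "insufficient approvals");
        nonce++;

        bool ok;
        if (op == Operation.DelegateCall) {
            // The guard: default deny for delegatecall.
            require(delegateAllowlist[to], "delegatecall target not allowlisted");
            (ok, ) = to.delegatecall(data);
        } else {
            (ok, ) = to.call{value: value}(data);
        }
        emit Executed(hash, ok);
        require(ok, "execution failed");
    }

    receive() external payable {}
}
```

The allowlist only moves the trust boundary: an allowlisted module still executes with full write access to the wallet's storage, so each entry should be an audited, immutable contract, and adding one deserves the same public scrutiny as a mint. Reviewing which delegate targets a wallet permits, and at what threshold, is the kind of multisig investigation the article argues should sit alongside the token audit.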