NEO BLOCKACHAIN – An Open Network For Smart Economy
Is a non-profit community-based blockchain project that utilizes blockchain technology and digital identity to digitize assets, to automate the management of digital assets using smart contracts, and to realize a “smart economy” with a distributed network. NEO was founded in 2014 and was real-time open source on GitHub in June 2015.
NEO Global Development (NGD) recently discovered a storage injection vulnerability in the code of some NEP-5 smart contracts.
NEO Global Development (NGD), together with Red4Sec, state the following:
The vulnerability exists within the smart contract code of some dApps. The NEO blockchain is not affected by the vulnerability.
There are several NEP-5 tokens affected by this issue. By exploiting this vulnerability, an attacker could make changes to the contract storage. An attacker can burn a certain amount of tokens and change the status of total Supply within the contract. However, such an attack can only change the show value of totalSupply. It will not change the actual supply volume. In addition, the cost of this attack would be very high. Therefore, we consider the risk of damage from this attack very limited.
After reviewing a huge amount of contract codes, we came to the following conclusion:
1) Some projects are not affected by this vulnerability, or they had already fixed the bug before we discovered the issue. These projects do not need to take any action.
2) Some affected projects are exposed to the attack. Their users’ assets are confirmed as safe. These projects can decide whether to perform contract upgrades based on their own considerations.
3) There is only one project whose source code is not open. For this project we are unable to detect if it has any (other) serious vulnerabilities.
http://(www.neo.org)
The NEO Global Development promised to continue working towards the full protection of its Blockchain based assets. NEO dedicates it’s agenda towards the success and continuous upgrade and full protection of its ecosystem to be void of any attacks.
@diutocoinnews on Telegram
Discover more from DiutoCoinNews
Subscribe to get the latest posts sent to your email.