Digix Hacked Out of Some $260,000 DGD – Trustnodes

Digix Hacked Out of Some $260,000 DGD

NewsTokens

July 27, 2017 11:26 am 0

The DigixDAO crowdsale smart contract had a vulnerability with high severity, but low impact as “only” 4162.2647 DGDs belonging to 35 addresses were affected according to a statement by Digix.

The vulnerability was discovered by Gustav Simonsson, an ethereum developer, who informed Digix on the 23rd of July.

“A bug in the DigixDAO Crowdsale Contract allowed an attacker to receive unclaimed DGD tokens,” Anthony Eufemio, Digix’s CTO, said before proceeding to provide the technical details.

Their analysis showed the bug was used to claim more than 4,000 DGDs, currently worth some $260,000, but they all will be reimbursed, DGD says, with the bug now fixed.

“Lesson learned,” Eufemio says before adding “we now have a new convention to avoid this mistake by avoiding the use of msg.sender and instead setting the variables at the head of each function. The assignment costs extra gas, but it will help avoid this issue in the future.”

Digix announced an audit of their smart contract back in May that was to end around June, but that was for dgx 2.0, Kai Chng, Digix’s co-founder, told trustnodes.

However, “we did not have an audit for the crowdsale contract,” Chng says, so the bug has seemingly slipped in and remained undiscovered until last week.

Which just goes to show how careful one has to be when writing code that directly controls assets. Especially when the total assets in question have a marketcap of some $125 million with each valued at nearly $63.

Their price fell slightly today, but has halved since last month, seemingly following ethereum’s price movements during the same time period.

DGD’s current price

Digix was one of the first ICOs and ethereum based project, raising around 550,000 eth back in March 2016, worth at the time $5.5 million, with the aim of creating a gold backed stable currency as DGD token holders are given part of the transaction fees in DGX, which is 1:1 with gold.

But DGX isn’t traded anywhere, while price action shows DGD has hardly been stable, with it seemingly closely following eth’s movements both up and down. Probably because it attracts interest primarily from speculators.

DGX as promoted on the Digix website.

So their promise to ICO investors of a “stable store of value” has seemingly not yet materialized, but they are soon to launch a marketplace which might perhaps take the idea further.

 

Related posts

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Trustnodes