On Friday May 18th, NEO released a statement informing that a vulnerability had been discovered in a number of NEP-5 smart contracts. The statement can be found here.

The below is a collection of updates from NEO ecosystem projects informing the community on their status in relation to the vulnerability.

This list will be updated as more information becomes available.

Last update – 4:39am (UTC + 0), May 23rd, 2018


Blockchain Store

“The tech team have already tested the deployed BCS smart contract on testnet. They found that BCS does not have any of the security problems mentioned above.”

https://bcschain.io/announcement-about-storage-injection-vulnerability/


Bridge

“Our team wants to reiterate, all IAM tokens are safe. No wallets or transactions are impacted and users can transact and hold IAM tokens without fear.”

https://medium.com/@shyduchak/bridge-protocol-statement-on-nep-5-contract-storage-injection-vulnerability-fe89c5c923af


DeepBrain Chain

“Our analysis has shown that DBC will not be affected by this vulnerability.”

https://medium.com/@deepbrainchain_74263/regarding-neo-nep-5-tokens-storage-injection-vulnerability-statement-dbc-will-not-be-affected-f11a79fc4d03


Narrative

“Narrative confidently states that the NRVE NEP-5 token smart contract is unaffected by the vulnerability.”

https://blog.narrative.network/narrative-statement-on-nep-5-storage-injection-vulnerability-21896d8fff63


Ontology

“ONT holder accounts are safe and are not affected by the attack.”

https://medium.com/ontologynetwork/ontology-team-statement-on-nep-5-smart-contract-storage-injection-vulnerability-60d470bfd85a


Phantasma

Phantasma told NEO News Today – “Phantasma will deploy the smart contract with NEP5 token support before the sale, and the contract was audited by Red4Sec and the storage vulnerability does not affect it”


Qlink

QLC holders and their accounts are safe and sound.”

https://medium.com/@susan.s.zhou/a-statement-of-security-check-regarding-the-transfer-of-qlc-token-to-total-supply-address-within-e0276f6c6576


Quarteria

“We at Quarteria are very pleased to announce that our source code is, in fact, safe as per detailed review with NEO GD.”

https://medium.com/@quarteria.io/quarteria-safe-from-storage-injection-exploit-57124e867f33


Red Pulse

“All RPX tokens are safe. No wallets or transactions are impacted now and in the future, and users can continue to transact and hold RPX without issue.”

https://blog.red-pulse.com/red-pulse-rpx-token-is-secure-17727bd8c4b3


THEKEY

“All the TKY tokens are safe now. No wallets or transactions are being affected or has been affected, and users can continue trading without any additional action.”

https://medium.com/@thekeyvip/your-tky-tokens-are-safe-notice-on-neos-storage-injection-vulnerabilities-e47256dd7151


Travala

“Travala.com and the AVA NEP-5 token smart contract is unaffected by the storage injection vulnerability.”

https://medium.com/@travala/a-statement-of-security-regarding-the-travala-ava-nep-5-smart-contract-4997f506cbd2


Trinity

“TNC holders shall have no concern over the security of TNC.”

https://medium.com/@TrinityProtocol/trinity-foundation-statement-on-nep-5-contract-storage-injection-vulnerability-8f1f78a2e6d6


Zeepin

“The behaviors in this statement have no impact to #ZPT holders. We are safe.”

https://twitter.com/ZeepinChain/status/997669087189680129