On Friday May 18th, NEO released a statement informing that a vulnerability had been discovered in a number of NEP-5 smart contracts. The statement can be found here.
The below is a collection of updates from NEO ecosystem projects informing the community on their status in relation to the vulnerability.
This list will be updated as more information becomes available.
Last update – 4:39am (UTC + 0), May 23rd, 2018
Blockchain Store
“The tech team have already tested the deployed BCS smart contract on testnet. They found that BCS does not have any of the security problems mentioned above.”
https://bcschain.io/announcement-about-storage-injection-vulnerability/
Bridge
“Our team wants to reiterate, all IAM tokens are safe. No wallets or transactions are impacted and users can transact and hold IAM tokens without fear.”
DeepBrain Chain
“Our analysis has shown that DBC will not be affected by this vulnerability.”
Narrative
“Narrative confidently states that the NRVE NEP-5 token smart contract is unaffected by the vulnerability.”
Ontology
“ONT holder accounts are safe and are not affected by the attack.”
Phantasma
Phantasma told NEO News Today – “Phantasma will deploy the smart contract with NEP5 token support before the sale, and the contract was audited by Red4Sec and the storage vulnerability does not affect it”
Qlink
“QLC holders and their accounts are safe and sound.”
Quarteria
“We at Quarteria are very pleased to announce that our source code is, in fact, safe as per detailed review with NEO GD.”
https://medium.com/@quarteria.io/quarteria-safe-from-storage-injection-exploit-57124e867f33
Red Pulse
“All RPX tokens are safe. No wallets or transactions are impacted now and in the future, and users can continue to transact and hold RPX without issue.”
https://blog.red-pulse.com/red-pulse-rpx-token-is-secure-17727bd8c4b3
THEKEY
“All the TKY tokens are safe now. No wallets or transactions are being affected or has been affected, and users can continue trading without any additional action.”
Travala
“Travala.com and the AVA NEP-5 token smart contract is unaffected by the storage injection vulnerability.”
Trinity
“TNC holders shall have no concern over the security of TNC.”
Zeepin
“The behaviors in this statement have no impact to #ZPT holders. We are safe.”
https://twitter.com/ZeepinChain/status/997669087189680129
About The Author: Dean Jeffs
Dean is a digital project manager who has worked extensively with start ups and agencies in the marketing space. Fascinated by the potential applications of blockchain technology, Dean has a passion for realising the new smart economy.
More posts by Dean Jeffs