Fatal Bug in ICON (ICX) Causes ALL Transfers to be COMPLETELY Disabled Due to a Bug in the Smart…

Apparently, there was (or still is) a fatal flaw in the ICON ($ICX) token, an ERC20 token, which allowed anyone, apart from the creator of the contract itself, to enable or disable token transfers for any and all individuals.
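
A minimal model of the flaw described above, added here as an illustration and not taken from the ICX contract source. It assumes the cause is an inverted ownership comparison in the guard on the transfer switch; the contract, modifier and function names are hypothetical, and it targets Solidity ^0.8.0 rather than the contract's ^0.4.11 pragma.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Constructed model for illustration; names are hypothetical, not the ICX source.
contract TransferSwitchModel {
    address public immutable creator;
    bool public transfersEnabled = true;
    mapping(address => uint256) public balanceOf;

    // Emitted on every toggle so monitoring can alert on an unexpected caller.
    event TransfersToggled(address indexed caller, bool enabled);

    constructor(uint256 supply) {
        creator = msg.sender;
        balanceOf[msg.sender] = supply;
    }

    // Flawed guard (assumed cause): the comparison is inverted, so it admits
    // every caller EXCEPT the creator.
    modifier flawedOnlyCreator() {
        require(msg.sender != creator, "caller is creator");
        _;
    }

    // Intended guard: only the creator passes.
    modifier onlyCreator() {
        require(msg.sender == creator, "caller is not creator");
        _;
    }

    // Behaviour the article describes: anyone but the creator can flip the switch.
    function setTransfersFlawed(bool enabled) external flawedOnlyCreator {
        transfersEnabled = enabled;
        emit TransfersToggled(msg.sender, enabled);
    }

    function setTransfers(bool enabled) external onlyCreator {
        transfersEnabled = enabled;
        emit TransfersToggled(msg.sender, enabled);
    }

    // Every holder's transfer depends on the one shared flag.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(transfersEnabled, "transfers disabled");
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```

A unit test that calls the switch from a non-creator account and expects a revert would catch the inverted comparison before deployment.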

How Did I Find This?

Short answer. Reddit.

Here’s the thread in question that actually brought this issue to the community’s attention:

Someone was also kind enough to isolate the specific piece of code that led to this error.

You can find that here:

Ethereum Accounts, Address And Contracts

pragma solidity ^0.4.11; contract Migrations { address public owner; uint public last_completed_migration; modifier restricted() { if (msg.sender == owner) _; } function Migrations() { owner = msg.sender; } function setCompleted(uint completed) restricted { last_completed_migration = completed; } function upgrade(address new_address) restricted { Migrations upgraded

You can see the fatal error in lines 162–165 of the code.

This is re-posted below as well for convenience:

This news comes just 24 hours after the announcement from Binance that they would be supporting the token swap, which is worth noting:

Given that there is virtually zero media coverage of this issue at this point in time, it remains to be seen whether this is something that will undermine the mainnet token swap itself.

Excerpt from the press release posted on newsbtc

Why is This Flaw in the Code a Big Deal?

#1 — Because you cannot alter smart contracts (without seriously running the risk of compromising the entire contract itself).

#2 — Because of this:

Conclusion

It remains to be seen whether the team will fix this in the foreseeable future or whether this presents an attack vector on the chain, but it’s definitely something that appears as though it should be publicly addressed in some fashion sooner, rather than later.

Edit: Response has been given by the team found here —
