Content
@
0 reply
1 recast
1 reaction
Elad
@el4d
Important notice for all noun owners and delegates We were recently approached by 0xkasper from @hexens, a white hat security team, who found a new attack vector based on a vulnerability we were aware of in the Nouns token contract. Nouns tech grants pod has initiated a bounty payment of 30K USDC to the team. TLDR * Who’s at risk? Noun owners delegating to EOA accounts (not smart contract accounts). * What’s the damage? Noun NFTs can become non-transferrable with no voting power. * How likely is it to happen? The probability is low if you trust your delegates and their wallet security setup; otherwise please consider changing your delegation immediately. More info in this post: https://mirror.xyz/verbsteam.eth/TP917T6vm6gXuVAxbQ34ZCn7dNiHabu3UW-ninwalVc
5 replies
6 recasts
63 reactions
0xDigitalOil
@digitaloil.eth
Interesting. Time to rewrite Nouns Token, deploy on @base and allow migration of existing Nouns via /layerzero stack :)
0 reply
0 recast
1 reaction
krel
@krel
thanks for acting swiftly on this ⭐️
0 reply
0 recast
1 reaction
datadanne
@datadanne.eth
great catch! web based tools that support delegating nouns should maybe implement a warning if delegating to an EOA? just curious, is this what popped up during the /nouns-protocol round?
0 reply
0 recast
0 reaction
Bixbite 👽
@bixbite
If you were aware of the vulnerability why wasn’t there an announcement about it when you first discovered it? Or maybe I missed that?
1 reply
0 recast
0 reaction
Nounish Prof ⌐◧-◧🎩
@nounishprof
So as long as the delegate doesn’t re-delegate it should be fine? (the risk being that if the wallet is hacked, this could cause the issue)
1 reply
0 recast
0 reaction
