Content
@
0 reply
1 recast
1 reaction
Elad
@el4d
Important notice for all noun owners and delegates We were recently approached by 0xkasper from @hexens, a white hat security team, who found a new attack vector based on a vulnerability we were aware of in the Nouns token contract. Nouns tech grants pod has initiated a bounty payment of 30K USDC to the team. TLDR * Who’s at risk? Noun owners delegating to EOA accounts (not smart contract accounts). * What’s the damage? Noun NFTs can become non-transferrable with no voting power. * How likely is it to happen? The probability is low if you trust your delegates and their wallet security setup; otherwise please consider changing your delegation immediately. More info in this post: https://mirror.xyz/verbsteam.eth/TP917T6vm6gXuVAxbQ34ZCn7dNiHabu3UW-ninwalVc
6 replies
7 recasts
35 reactions
Nounish Prof ⌐◧-◧🎩
@nounishprof
So as long as the delegate doesn’t re-delegate it should be fine? (the risk being that if the wallet is hacked, this could cause the issue)
1 reply
0 recast
0 reaction
cone70
@noun70
3 things are needed for this vulnerability: The delegate must have 1 or more Nouns, they must use the “delegateBySig” function to delegate their own Nouns, they must delegate to the zero address (0x0000….) using this function.
1 reply
0 recast
0 reaction
0xDigitalOil
@digitaloil.eth
Yep, seems unlikely to happen by mistake. But still good to know this vuln exists.
0 reply
0 recast
0 reaction
