

NEO’s NEP-5 vulnerability could have burned billions in NEO!




NEO Enhancement Protocol 5 [NEP-5] prone to attacks according to the statement given by the team

NEO’s NEP-5 protocol, similar to Ethereum’s ERC20, allows tokens to run on the NEO platform. According to the statement provided by the NEO team today, the platform had a huge Storage Injection Vulnerability.

Red4Sec, a security audit company, recently discovered a vulnerability in the code of some of the NEP-5 contracts. If exploited, it would allow an attacker to make changes to the contract storage, burn a certain amount of coins and tamper with the total supply status within the contract.

The team claims that the cost of the attack would have been high and that attackers would only have been able to change the status of the total supply, not the actual supply volume.

According to the statement provided by the NEO team, the Storage Injection Vulnerability exists within the smart contract code of some dApps but the vulnerability hasn’t affected the blockchain.

In addition, the team has reviewed a large amount of contract code and, based on the review, some of the projects are not affected by the vulnerability, probably because they had already fixed the bug before its discovery. The ones that are prone to the attack haven’t lost any of the users’ assets, and the projects are given the authority to decide whether to upgrade.

However, for one project [which one is not mentioned], the team is unable to determine whether there is any other serious vulnerability, as its source code was not open.

The NEO team has informed all the projects and provided them with guidance on how to tackle the vulnerability. They have also suggested using the ‘contract upgrade API on the NEO Fundamental layer’ to upgrade the affected smart contracts.

NEO Global Development [NGD], along with Red4Sec, has been continuously monitoring the NEO core and project code, looking for vulnerabilities.

The NGD team says:

“We remain in unified commitment to protect the NEO ecosystem from potential security threats.”

After the announcement, a few tokens based on the platform issued statements of their own saying that they have not been affected by the storage injection vulnerability.

Isotopes, a Twitter user, says:

“Congratulations Red4Sec for successfully identifying a NEP-5 Storage Injection Vulnerability affecting some of NEO’s Dapp smart contracts. Just another in a long line of potentially fatal mistakes that will continue to cost this industry billions of $$$ until taken seriously.”


Andrea Pierre Jackson has been a contributing News writer at AMBCrypto since December 2017. She has previous writing experience with major publishing houses in the UK and the US. Andrea currently does not hold any position in any cryptocurrency or its projects.


FLiK case: Utility tokens take another hit in case allegedly involving Rapper TI, claims prominent lawyer






Stephen Palley, a prominent lawyer at Anderson Kill, spoke out about the FLiK token case via his official Twitter handle. Notably, unlike most tokens in the space, FLiK made headlines because of its celebrity backing.

Towards the end of last year, it was reported that the US Rapper Clifford Joseph Harris Jr., who goes by the stage names T.I. and T.I.P., was sued for $5 million over the alleged failure of the token promoted by him and his partner, Ray Felton. The rapper was being sued by a group of 25 individuals who claimed that they invested around $1.3 million in the tokens.

Additionally, there were allegations that the rapper used the raised money to increase the token’s value, following which the duo sold their holdings after the coin crashed. Other renowned celebrities such as Kevin Hart and Mark Cuban were also reportedly associated with this project.

On the recent developments surrounding the case, Stephen Palley stated,

“‘Utility tokens’ take another hit in case allegedly involving rapper TI. Court says FLiK ICO tokens = securities under Howey Test, for motion to dismiss purposes. That they offered some functionality ≠ relevant given buyers’ expect of profits solely from efforts of others. 1/4”

The lawyer further stated that “use of funds” was already determined by the defendants, “per the FLiK token whitepaper.” He went on to state that there was a time problem, adding that Federal Law rules that an “unregistered sale” of security tokens was supposed to be reported within 12 months after the violation.

The lawyer concluded by tweeting,

“ps — form was never going to be exalted over substance, so none of this is a huge surprise. Also, this is a ruling on Rule 12(b)(6) motion to dismiss so the Court takes the allegations as true for purposes of ruling. The merits still have to be litigated.”
