Account Vulnerability Disclosure

No funds were lost and accounts are secure

Chris Whinfrey
Feb 19, 2020 · 2 min read

On Monday, February 17th, 2020, our team received a vulnerability disclosure from samczsun. The vulnerability takes advantage of the order of operations in one of the account contract’s meta transaction functions and allows an attacker take control of the account. Please see samczsun’s detailed write up here. Thanks to the responsible disclosure, our team was able to quickly triage the issue and execute on a plan to secure users’ funds that evening. We’re relieved to say that no funds were lost and users are in complete control of their accounts.

The fix

Moving forward

Conclusion

Further reading

Authereum

Log into Ethereum

Authereum

Log into Ethereum

Chris Whinfrey

Written by

Authereum

Log into Ethereum