On July 13th, we received a notification from the 0x team about a newly discovered vulnerability in the 0x exchange smart contract that might allow an attacker to fill certain orders with invalid signatures. According to the 0x team, although no one had exploited this vulnerability and no user funds had been lost, to ensure security, they decided to shut down the 0x exchange contract and deploy a new one to fix the vulnerability.
Later we learned that the vulnerability was fixed and a new version of the 0x exchange smart contract had been deployed (please read 0x’s blog post for details). We then migrated LedgerDex to use the new smart contract. Now the LedgerDex web app is available again.
Please be assured that no users has lost any funds during this period and now the LedgerDex platform is more secure.
However, as a result of the smart contract migration, there are some minor consequences:
- All outstanding orders created previously have become invalid. You don’t have to do anything with your previous orders, but basically there are all gone and you might have to re-create orders if you want.
- You have to set token allowance again if you want to trade, because all token allowances set before are no longer valid after the migration.
We do apologize for the inconvenience and hope to continuously serve our users with a system that’s both secure and user-friendly.
If you have any questions, please feel free to contact us at firstname.lastname@example.org
The LedgerDex Team