Ontology Team Statement on NEP-5 Smart Contract Storage Injection Vulnerability
The security audit company Red4Sec has recently discovered a storage injection vulnerability in the code of some NEP-5 smart contracts. By exploiting this vulnerability, an attacker could make changes to the contract storage. An attacker can burn a certain amount of tokens and change the totalSupply value held within the contract. However, such an attack can only change the displayed value of totalSupply; it will not change the actual supply volume. In addition, the cost of this attack would be very high. Therefore, we consider the risk of damage from this attack to be very limited.
The Ontology Team has investigated and analyzed the vulnerability and has reached the following conclusions:
1. ONT holder accounts are safe and are not affected by the attack.
2. The Ontology Team will continue to follow the progress of the vulnerability and maintain close communication and technical cooperation with related organizations to ensure the security of ONT holders' accounts.
The Ontology Team