Middlemarch, the creator of Ethscriptions, the Ethereum registration protocol for Ordinals, introduced a number of days in the past that Ethscriptions had been attacked, ensuing within the lack of about 202 Ethscriptions on about 123 addresses because of the vulnerability.
This vulnerability just isn’t an Ethscriptions protocol vulnerability, however a selected sensible contract vulnerability. The protocol itself and different functions working on high of it have been fully unaffected.
The explanation for this vulnerability is that contracts wouldn’t have entry to Ethscription state. The contract itself can not know the proprietor of her explicit Ethscription, and the consumer could pay for her non-existent Ethscription.
The simplest option to keep away from this sort of abuse is to have a trusted third celebration confirm which deposits are legitimate.
However on this case, the only level of failure is somebody holding a non-public key that may confirm which deposits are legitimate. The staff needed to create a reference implementation that might be validated by the protocol itself.
Disclaimer: The knowledge supplied by WebsCrypto doesn’t signify any funding proposal. Articles posted on this web site signify private opinions and are by no means related to the official place of WebsCrypto.
(tag to translate) Ethereum