AvaxCoins: Full Functionality restored after Thwarted Exploit attempt.
The developers behind the popular NFT series AVAX Coins were on a temporary high alert earlier today when an exploitable bug within their V2 contract was made apparent whilst administering routine maintenance.
A Previous instance of malicious activity on the v1 contract occurred when an exploit was used to drain the wallet that is reserved for user rewards, causing reward claims to be temporarily offline. The devs were able to avoid extensive downtime as the offending bug was identified and securely patched. This would prevent further instances with funds stolen from the reward wallet were replaced with zero loss to AVAX Coin holders.
This brought the contract’s development to the point in which it stood at the time of the most recent discovery (V2). The version 2 contract had been operating as expected and automatically routing rewards precisely as developers intended to remedy the issues of the earlier contract.
Unfortunately, a malicious user identified an undiscovered bug and in lieu of reporting it for a bounty, chose an attempt at utilizing it to exploit the v2 contract. The user was then able to edit the fixed cost required to mint an AVAX Coin NFT, which should have been an unnegotiable 2 $AVAX per mint. It’s fairly easy to see how this event could have quickly became an impactful issue for the AVAX Coins ecosystem, however, swift action from developers and team ensured a quick and targeted response allowing only two (2) NFTs to be minted at an edited and unfair price. The code within the v2 contract that allowed these events has been patched, and an improved v3 contract has already been pushed live.
Functionality has been fully restored and v2 coin holders are able to migrate their NFT(s) to the new protocol.
Various test confirm the v3 contract has been secured and users are now welcome to mint their own Version 3 AVAX Coins.
Learn more about the history of AVAX Coins