On Dec 13th, there were two suspicous contracts deployed that interacted with the byzantion marketplace v5 ✎ contract and was named as stacks-art-market: bad actor 1 ✎ , bad actor 2 ✎ .
It turned out that the two contracts together could extract 1644 STX from the escrow of open bids that were not placed by the attacker.
A new version of byzantion marketplace has been deployed since that prevents these exploits. Read more about the byzantion marketplaceprotocol.
An exploit in Arkadiko Swap was found. More details below together with next steps. We will come with another update RE: funds this weekend
Finally, we can only thank you for your continued encouragement 🙌🙌https://t.co/NyU9GdsdVF
— Arkadiko Protocol 🟧 (@ArkadikoFinance) October 28, 2021 The effected contract was v1-1 ✎ . In the updated version, new swapping pairs can only added by the admin. In addition, a shut down flag was added.
