Source of Clarity - Deployed Clarity Contracts

Stealing STX with a Dragon

On Dec 13th, two suspicious contracts were deployed that interacted with the byzantion marketplace v5 contract and were named stacks-art-market: bad actor 1, bad actor 2.

It turned out that the two contracts together could extract 1644 STX from the escrow of open bids that were not placed by the attacker.

A new version of byzantion marketplace has been deployed since that prevents these exploits. Read more about the byzantion marketplace protocol.

Draining the contract

The affected contract was v1-1. In the updated version, new swapping pairs can only be added by the admin. In addition, a shutdown flag was added.

The comparison between the two contracts can be studied at git commit 82c8c47.
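
The two mitigations described above, as a minimal Clarity sketch added here (it is not the code of the deployed contract or of commit 82c8c47). All function, map and error names are hypothetical, and keying a swapping pair by two asset-contract principals is an assumption.

```clarity
;; Added example: admin-gated pair registration plus a shutdown flag.
;; Every name below is hypothetical, not taken from the deployed contract.
(define-constant ERR-NOT-ADMIN (err u401))
(define-constant ERR-PAIR-NOT-LISTED (err u404))
(define-constant ERR-SHUTDOWN (err u503))

;; The deployer becomes the initial admin.
(define-data-var admin principal tx-sender)
(define-data-var shutdown bool false)

;; Allow-list of swapping pairs (assumed key: the two asset contracts).
(define-map pairs { token-x: principal, token-y: principal } bool)

;; contract-caller is the immediate caller, so an admin call relayed
;; through an intermediary contract does not pass this check.
(define-private (is-admin)
  (is-eq contract-caller (var-get admin)))

;; Only the admin can register a new pair, and never while shut down.
(define-public (add-pair (token-x principal) (token-y principal))
  (begin
    (asserts! (is-admin) ERR-NOT-ADMIN)
    (asserts! (not (var-get shutdown)) ERR-SHUTDOWN)
    (ok (map-set pairs { token-x: token-x, token-y: token-y } true))))

;; Only the admin can flip the shutdown flag.
(define-public (set-shutdown (flag bool))
  (begin
    (asserts! (is-admin) ERR-NOT-ADMIN)
    (ok (var-set shutdown flag))))

;; Guard intended to run first in every function that moves escrowed
;; funds: refuse when shut down or when the pair was never registered.
(define-read-only (check-pair (token-x principal) (token-y principal))
  (begin
    (asserts! (not (var-get shutdown)) ERR-SHUTDOWN)
    (asserts!
      (default-to false
        (map-get? pairs { token-x: token-x, token-y: token-y }))
      ERR-PAIR-NOT-LISTED)
    (ok true)))
```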