In preparation for the SKALE V2 launch, we are putting every ounce of effort into proactive code audits. With that in mind, we perform regular and consistent audits both internally and through external third parties including ConsenSys Diligence, Quantstamp, and others. In fact, we’re excited to announce shortly that we are kicking off a Code4rena security audit contest.
As part of this consistent auditing process, earlier today the SKALE smart contract core devs discovered a potential vulnerability in the IMA bridge. This one-line piece of code would have the potential to be an exploit if not proactively found and fixed. In order to immediately mitigate this issue, the DAO multisig holders have implemented code fix that temporarily pauses IMA Bridge functionality while a quick and simple one line code fix is initiated over the next 24-48 hours.
The vulnerability has now been fixed and mitigated. The updated fix which re-enables bridging is expected to take 24-48 hours to be fully implemented across validator nodes. During this period, all SKALE on-chain transactions will be functioning as normal. If you are a user on a SKALE Chain you can continue to trade and perform transactions. Your ability to bridge back and forth to Ethereum will continue as normal as soon as the patch is fully implemented. All users with assets on the bridge can be assured that their assets are safe.
Transparency is a core value of the SKALE community. All technical changes will be fully visible within GitHub as SKALE is a fully open source project.
While this was not a major event, as there was zero financial impact and all chains will remain fully functional during the upgrade, this was a huge win for the SKALE Community as the effort and focus on auditing is continually making a stronger and more secure network. We will continue to implement auditing best practices and push to set the standard for best in class proactive auditing.
We are excited for the V2 launch next month! Let’s keep the momentum going.