
To immediately address any concerns raised above, we want to clarify that all bug bounty submissions we’ve received have been thoroughly reviewed and responded to appropriately. This has always been our practice, and we continue to act promptly on any genuine threats to the blockchain, its validators, or contracts.

Following a thorough assessment, it was confirmed that the submission from @FuzzingLabs did not identify any real threat to the network or its validators, contrary to their claims.

For clarity, their submission involved the possibility of a malicious actor updating legacy Python contracts to execute arbitrary code. At first glance, we understand why this appeared to be a vulnerability. However, they misunderstood its practical implications:

- They correctly observed that the Python execution engine is still live on the ICON blockchain.

- They then claimed that, while new Python SCOREs cannot be deployed, they can still be updated. This is where the misunderstanding began. In practice, updates to Python contracts are not permitted if they involve deploying new Python code. At present, no Python SCORE, whether a fresh deployment or an update, is accepted. Only updates transitioning from Python to Java are allowed.

"Python execution engine remains active on mainnet due to the continued existence of legacy Python contracts." True.

"Python contracts cannot be deployed, existing contracts can still be updated" False.

Updating Python to Python is prohibited by the runtime system. Only Python to Java can be accepted.

"Python engine is insufficiently sandboxed, allowing arbitrary code execution" False.

This is exactly why the Audit system was introduced. Currently, no Python SCORE is accepted, regardless of whether it is a first deployment or an update.

As you all know, ICON’s DeFi infrastructure, along with $ICX, will soon migrate to SODAX ($SODA) on the Sonic blockchain. While this transition takes place, we remain committed to the security of the ICON blockchain and its users. If a credible exploit emerges with real-world impact on the blockchain, smart contracts, or user funds, rest assured that we will take all necessary steps to address it.
