According to a new report by blockchain security firm SlowMist on Nov. 7. seemthat the issues affecting the Gala Games project were the result of a related private key leak on GitHub.
According to SlowMist, pNetwork, a cross-chain interoperable by Gala Games on the BNB Smart Chain, has three unique roles in the pGALA smart contract.
“Admin role is used to manage upgrades and changes to the proxy contract’s Admin address , DEFAULT_ADMIN_ROLE role is used to manage privileged roles in the logic (eg: MINTER_ROLE ), and MINTER_ROLE handles pGALA token minting.”
SlowMist goes on to explain that both DEFAULT_ADMIN_ROLE and MINTER_ROLE are controlled by pNetwork, while the proxy admin contract is the external address responsible for upgrading the pGALA contract. However, the company posted a screenshot claiming that the Private Key for the proxy admin owner’s address is publicly available. on GitHub, so users with access to the private key can manipulate pGALA contracts at any time. As of Aug. 28, the owner of the proxy admin contract was replaced, making the protocol vulnerable to attacks.
The Gala Games token bridge was attacked on November 3 after a wallet address mint over 2 billion GALA and dumped its tokens on PancakeSwap.
The post SlowMist reveals that the GALA token problem came from a private key leak on GitHub appeared first on Bitcoin Addict.