Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Across proposes capping token supply after LayerZero founder flags contract concerns

Across proposes capping token supply after LayerZero founder flags contract concerns

The BlockThe Block2024/10/21 16:00
By:The Block

Quick Take Across Protocol has proposed capping its ACX token supply to one billion following criticism from LayerZero Labs CEO Bryan Pellegrino. Pellegrino flagged a function in the Across token contract that he claimed allowed the owner to burn ACX tokens from any wallet. The LayerZero Labs CEO also claimed the Across and UMA Protocol contracts can infinitely mint tokens.

Across proposes capping token supply after LayerZero founder flags contract concerns image 0

Across Protocol co-founder Hart Lambur proposed permanently capping the supply of ACX tokens to one billion late Monday following criticism from LayerZero Labs CEO Bryan Pellegrino. The proposal , if approved by the Across community, would also renounce Across Governance’s ownership over the ACX token and set it to 0x0 — preventing any future changes to the token supply via minting or burning.

Earlier, Pellegrino had flagged what he described as a “critical issue” with the Across token contract. However, this was met with pushback from the community, which suggested it was more of a transparency issue than a security flaw.

“You mistakenly exposed what was meant to be an internal private function written by OpenZeppelin in their ERC-20 token implementation, meant for burning tokens, and gave it to your contract owner — allowing you to take [burn] tokens out of any wallet at any point in time, arbitrarily rugging any account to zero,” Pellegrino said.

The interoperability protocol founder also alleged the Across Protocol and UMA Protocol contracts could infinitely mint tokens, suggesting that to fix the issue ownership should be transferred to an immutable smart contract that prevents minting beyond the total supply, disallows burning and cannot transfer ownership.

Across Protocol is a decentralized cross-chain bridge enabling the transfer of assets between Ethereum and Layer 2 networks. UMA Protocol is a decentralized platform that allows users to create synthetic assets and financial contracts on Ethereum using self-enforcing smart contracts. Lambur is also a co-founder of UMA Protocol.

'Disingenuous FUD and fear-mongering'

Lambur initially dismissed Pellegrino’s allegations as “disingenuous FUD and fear-mongering,” stating its contracts are secure and audited by OpenZeppelin. Jota Carpanelli, head of security at OpenZeppelin, also addressed the claim. Carpanelli explained that the mint and burn functions were controlled by a Safe (formerly Gnosis Safe) multi-sig wallet and functioned as intended, adding that it didn’t see this as a critical issue.

“Are you joking? Do you not understand how to read code? An audit is not a defense against an issue,” Pellegrino replied to Lambur. “I'll tell you what, let's bet your highest bug bounty tier ($1,000,000). When you realize you're wrong, donate it back to the community. Or you can literally just run it and verify yourself.”

Lambur later acknowledged that while Pellegrino had inaccurately labeled its ERC-20 implementation as having a critical vulnerability in his opinion, the “design choice was wrong,” adding that the proposal had been put forward in the “spirit of decentralization and transparency.”

“If it was a critical vulnerability I would have never publicly posted it publicly/on Twitter and would have done proper disclosure privately,” Pellegrino responded to another community member on X. “It's a permissioned function controlled by their team, can argue semantics of 'critical issue' or not but I would guess 99% of their users are unaware that they can have their tokens deleted.”

The current non-binding temperature check vote on the proposal, allowing the community to gauge sentiment before making a formal decision, shows 99.5% favor the supply cap.

ACX is down around 4% following the accusations at $0.28, according to CoinGecko data .

The Block reached out to Lambur and Pellegrino for comment.


0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Should the AI Agents framework standard issue a token?

For Zerebro, this is an open-source approach to drive traffic and expand the ecosystem for monetization, with the possibility of issuing new framework tokens or authorized MEME tokens.

Chaincatcher2024/12/23 06:02