OP Dex Vulnerability

[westonnelson]

Hi all - I have identified a vulnerability impacting DEXs on OP - who to contact?

[sbvegan]

Hey @westonnelson, here's our Security Policy. Let me flag someone internally to find out the best next steps.

[westonnelson]

Ok, thank you, I believe it may be time sensitive though, let me know who to contact or what details to share?

I could send a Tx Hash or help any way possible.

[sbvegan]

Understood, I've flagged the team. In the meantime, can you put all of the details you have in an email and send it to security@oplabs.co? I can have our security team review and we can move from there?

[westonnelson]

Email sent with a description and a couple Tx hashes. Thank you.

I believe they will know what to do. 🫡

[sbvegan]

@westonnelson some follow up from the security team, if this is an issue in code that Optimism owns, you should report it to our immunefi program (outlined in the Security Policy). Otherwise you should contact the developers responsible for the code you've identified the vulnerability in.

[sbvegan]

Thanks again for flagging! Depending on the situation, can you also follow this procedure? ^

[westonnelson]

Ok, will do. I thought it might be isolated to the protocol enabling this but it does require use of OP contracts so ok I will review that then and do so. Thank you.

[github-actions[bot]]

Hey @westonnelson, We hope your recent question was resolved to your satisfaction. Your feedback is invaluable and helps us improve our support services. Could you spare a moment to fill out a short feedback survey. Thank you for helping us improve our developer community.