Original source: Gala Games
andSpider TanksandGALA 2023Saw some great content in the video.
Now, with the video over, we turn to the core issues of pGALA and pNetwork. This is our only official statement on the matter.
The whole story began in mid-2021, when a partner of a large exchange introduced us to the pNetwork project party. pNetwork said that they will build a cross-chain bridge for GALA to help users cross-chain GALA from the erc main network to the BNB chain. Given that this is the decentralized future, we really can't stop them, so they started the construction work and built this cross-chain bridge. Ironically, the chain-span bridge is not the problem here. Although this cross-chain bridge has been full of various vulnerabilities in the past few months, this is not the focus of our talk today.
When pNetwork's Thomas Bertani contacted us on Thursday, he told us that the contract on the BNB chain was vulnerable but had not yet been exploited maliciously. This vulnerability is because pNetwork engineers mistakenly left a key in the contract, and this key has been used to change the control address of the contract. According to Bertani, the vulnerability actually occurred 67 days ago, but has not yet been exploited maliciously. Essentially, the pGALA token contract on the BNB chain is a bomb that could detonate at any time if a malicious actor decides to exploit the contract. Bertani believes that if the vulnerability is discovered, malicious actors are likely to take action to mint an unlimited amount of pGALA through pNetwork’s pGALA contract.
Bertani proposed to us a plan to deactivate the cross-chain bridge, and then attack their own smart contracts through white hats. pNetwork requests that we contact exchanges and remind them to immediately suspend all pGALA deposits and withdrawals. We contacted all the exchanges we have contacted and informed them of the situation, asking them to suspend the pGALA deposit and withdrawal of BEP-20. Most people do, but unfortunately, not all of them do it right away. Also, since we generally do not attempt to directly promote our GALA token, we have not contacted the vast majority of exchanges that have listed $GALA, let alone the BEP-20 token $pGALA on the BNB chain. We also contacted PancakeSwap and asked them to put a warning sign on the trading pair, reminding people not to trade it.
Knowing these circumstances, pNetwork formulated their plan to drain the liquidity pool of old pGALA tokens on the BNB chain in order to return corresponding tokens to previous token holders when redeploying new security contracts. Unfortunately, in this case, many users (and possibly many bots) attempted to arbitrage the difference between the price of pGALA on PancakeSwap and the price of ERC-20 GALA on the exchange. Some exchanges that did not stop deposits prior to this event ended up receiving a large amount of pGALA on the BNB chain, which affected them and other major players in the market.
In all of this, there is good news and bad news.
The good news is that ERC-20 GALA was largely unaffected, and all events that occurred had nothing to do with the contracts that Gala manages, maintains, or deploys. Anyone holding ERC-20 GALA will not have access to the entire pNetwork event at all. In addition, according to pNetwork, the cross-chain bridge from GALA to pGALA on pNetwork is also sound, and the collateral still exists. According to their public statement, anyone who held pGALA before starting the white hat attack operation will receive new pGALA after the bridge is restored, which can then be cross-chained to the Ethereum mainnet to obtain the original GALA tokens.
The bad news is that there are still a lot of pGALAs out there. This is not our token, but we are sensitive to the concerns of the user community who hold pGALA. We are currently investigating how we can contribute to the field. This is not our token, nor is it our fault, but we want to act in the best interest of the community.
Decentralization can be a terrible thing, and this incident shows how something that has nothing to do with a token at all can seriously affect other tokens. In this industry, we should all be united.
Original link
