Emergency withdraw your locked funds FROM GOVERNANCE now!


The nullification proposal that was posted a few days ago was malicious.

We didn’t notice it because we were looking at the contracts being deployed (as seen in the analysis) but deemed it safe even though we completely missed that the selfdestruct call could be used with create2 for arbitrary code execution (for governance memory).

What the perpetrator seemed to do is use this to give himself in storage more torn token balances.

You have a right to know, thus withdraw your funds right now if you have funds locked in governance.

As of now, 10,000 torn have been withdrawn from the vault.

But all funds IN GOVERNANCE are potentially compromised.

Furthermore for clarity, I specifically posted this proposals code in the relayers channel on may 14th because I distrusted it.

Despite of this, no one noticed that the selfdestruct call could be used with create2 to replace the contract and then execute the balance additions.

Continuing, the only person that I have been able to have a warroom with currently is theo, gozzy has not been present.

I will try my best to see if there is anything that can be done (considering that the person now potentially has overwhelming firepower).


1 Like

What’s the latest development?