Last night the 0x Project Team Announced that they had become aware of a potential exploit on the 0x v2 exchange contract. To protect users’ assets, they shutdown the exchange contract. A review of the exchanges transaction history confirms that no users have fallen victim to this exploit, so props to the 0x team for acting quickly to mitigate the issue.

For us as a relayer, this means we had some effective downtime between the discovery of the vulnerability and when we were able to update our systems to use the new exchange contract. For you as a user, this means that you will need to set some new allowances, and make sure that new orders are specifying the correct exchange contract address. If you are using 0x’s developer tools and packages, updates are already available with new addresses. If you are using other tools, here are the addresses you need to know:

• ERC20Proxy: 0x95e6f48254609a6ee006f7d493c8e5fb97094cef
• ERC721Proxy: 0xefc70a1b18c432bdc64b596838b4d138f6bc6cad
• MAP: 0xef701d5389ae74503d633396c4d654eabedc9d78
• Exchange: 0x080bf510fcbf18b91105470639e9561022937712
• APOwner: 0xdffe798c7172dd6deb32baee68af322e8f495ce0
• Forwarder: 0xdc4587cb17d2a1829512e2cfec621f8066290e6a
• OrderValidator: 0xa09329c6003c9a5402102e226417738ee22cf1f2

At the time of this writing, we at OpenRelay are still unclear on the status of test networks. We will update our systems as testnet addresses become available.