Report BUG- Danger AMPL on Incognito


Hi Peter,
There is severe bug on incognito on mix contract address for AMPL token.
Please disable shield and unshiled for that token, unless you are activated the ampl protocol. Otherwise people will lose their money/token.

The weakness or bug is during negative rebase. Contract is not compatible for ampl protocol.

Therefore, if you have AMPL balance on contract . For example 1000 AMPL.

If AMPL protocol is negative rebase at 02.00 UTC. People will shield to incognito to avoid negative rebase before 02.00 UTC.

If let say that negative rebase AMPL protocol is 10%. I can shield 10,000 AMPL before negative rebase to incognito to avoid deduction of negative rebase.

Then, at 02.02 UTC i do unshield my 10,000 AMPL without getting deduction of negative rebase 10%. Supposed to be my AMPL balance is 9000 AMPL but i can unshield 10,000 AMPL. Because there is another balance 1000 AMPL on incognito to cover my lose.

The big issue is, i can take 1000 AMPL from other people balance on incognito as i do unshield back with 10,000 AMPL.

Please take any action to disable AMPL on incognito contract. Or you must enable AMPL protocol feature. Otherwise, if any bad guys. People will lose money to keep AMPL on incognito.



Thanks for your message @Trader3
Let us look into it now.

1 Like