Across Protocol is taking into account criticism from LayerZero Labs CEO Bryan Pellegrino. Pellegrino suggested that the Across token contract has a function that allows the holder to burn ACX tokens from any wallet. He also claimed that tokens from the Across and UMA Protocol contracts can be minted forever. Following these criticisms, the altcoin project proposed to cap the ACX token supply at one billion.
The altcoin project has taken an important step after the criticism! Across Protocol co-founder Hart Lambur responded to Pellegrino’s criticism by proposing that the ACX token supply be permanently capped at one billion. If this proposal is accepted by the Across community, Across Governance will also relinquish ownership of the ACX token. It will also be set to the 0x0 address, preventing any future minting or burning of the token supply.
Pellegrino had previously described the situation with the Across token contract as a “critical issue.” However, the community reacted to the situation and argued that it was a transparency issue rather than a security vulnerability. Pellegrino voiced the following criticism:
“In the ERC-20 token implementation written by OpenZeppelin, an internal private function for burning tokens was inadvertently disclosed. This is a permission granted to your contract owner. You were allowed to receive (burn) tokens from any wallet, making it possible to arbitrarily reset an account.”
Pellegrino also noted that Across Protocol and UMA Protocol contracts can have their tokens minted forever, and to solve the problem, ownership must be transferred to an immutable smart contract that prevents minting that exceeds the total supply, does not grant burn authorization, and cannot transfer ownership.
Across Protocol is a decentralized cross-chain bridge that enables asset transfers between Ethereum and Layer-2 networks. UMA Protocol allows users to create synthetic assets and financial contracts on Ethereum with self-reinforcing smart contracts. Lambur is also the co-founder of UMA Protocol. Lambur, who initially dismissed Pellegrino’s claims as “disingenuous FUD and fear-mongering,” also stated that his contracts are secure and are audited by OpenZeppelin. OpenZeppelin’s head of security, Jota Carpanelli, stated that the mint and burn functions are controlled by the Safe (formerly Gnosis Safe) multi-sig wallet and that these functions are working as intended. He added that they do not see this as a security issue.
Pellegrino responded to Lambur: “Are you kidding me? Don’t you understand how to read code? Auditing is not a defense against a bug. Let’s bet your highest bug bounty tier ($1,000,000). When you realize you’re wrong, donate it back to the community.”
Lambur acknowledged that despite Pellegrino falsely calling the ERC-20 implementation a security vulnerability, “our design choice was wrong.” He added that the proposal was put forward “in the spirit of decentralization and transparency.” The current poll shows 99.5% support for the supply cap, which is intended to gauge community sentiment before a formal decision. Meanwhile, ACX is down nearly 4% to $0.28 following these accusations, according to the latest data.
