1 entry tagged “access-control”.
On May 20, 2024 an attacker abused a privileged minter account on the GALA token contract to mint 5 billion GALA (≈$200M+ nominal) and dumped ~600M of them for ~$22M of ETH before Gala froze the address. Gala Games called it an internal access-control failure; the attacker later returned the ~$22M.
