This past Friday in collaboration with Zeppelin Solutions, Augur disclosed a critical non-loss-of-funds vulnerability in the REP token contract. The Augur team intentionally triggered the vulnerability, freezing REP for 31 billion years. New REP using the Zeppelin Solutions Solidity ERC20 contract was issued out to all REP holders hours after the freeze. The migration went just about as smoothly as it could have, taking a total of ~4 hours from the initial freeze to publishing a new contract address with all new REP distributed.

If you are a REP holder, there is nothing you need to do!

Almost all exchanges, wallets, block explorers and services have updated to the new contract address. Let us know in Slack if you see a service that has not updated their REP address. We’re working on refunding EtherDelta and Oasis users this week, and will have an update following.

Details are available in our previous post:

The Serpent compiler audit was the initiator of discovering this vulnerability. The full Serpent audit report by Zeppelin Solutions can be read below:

In light of the audit results, our back-end team is now in unanimous agreement: we have to migrate to Solidity. The conversion from Serpent to Solidity is estimated to take six weeks. In this time, we are also looking to get both the Solidity and Viper compilers independently audited.

CoinDesk did an article today on moving off Serpent:

The new IDEO client is coming along, and we’ve updated a bit of our branding across some of our social profiles. The Augur beta StackExchange went live yesterday, if you committed, you can now ask and reply to questions!

If you have any questions regarding the REP migration, please reach out!