As many as a dozen or more ethereum-based ERC-20 smart contracts have been found to contain bugs that let attackers create as many tokens as they want.
While the bugs - first identified on April 22 and April 24, respectively, in a pair of posts published on Medium - aren't tied to the ERC-20 standard itself, the issues prompted a number of exchanges to suspend ERC-20 tokens as they investigate.
As of press time, Poloniex has moved to reinstate services for ERC-20 tokens.
The batchOverflow post outlines how the batchTransfer function in a contract has a maximum number of tokens that can be sent in a transaction, adding that the value of the tokens being transferred must be less than the total number of tokens that were generated.
The " value" parameter - one of the two that determine the total number of tokens - can be manipulated, which would then change another variable, resulting in an attacker being able to create as many tokens as they'd like.
Further, the attacker can bypass the barriers in the contract which would normally ensure that a reasonable number of tokens are being transferred.
While initial reports indicated all ERC-20 tokens may be impacted, the "BatchTransfer" function is not part of the token standard.
In a sign of the seriousness of that bug, OKEx said on April 24 that it was rolling back trades on the BeautyChain Token.
Certain variables can be manipulated to spontaneously generate large amounts of tokens.
One Twitter user noted that an attacker created $5 octodecillion in SmartMesh tokens.
Crypto Exchanges Pause Services Over Contract Bugs
Publié le Apr 25, 2018
by Coindesk | Publié le Coinage
Coinage
Nouvelles récentes
Voir tout
First Mover: What's Next for Bitcoin as Wall Street Gets Vaccine Booster
Bitcoin was higher for a second day, staying in a range of between roughly $15,200 and $15,600, as news of progress in developing a coronavirus vaccine appeared to touch off a rally in U.S. stocks.
Market Wrap: Bitcoin Fails to Break $15.9K; Over 50K ETH Staked on Eth 2.0 Contract
Bitcoin gained Wednesday while Ethereum 2.0 staking has been ramping up.
Citibank Analyst Says Bitcoin Could Pass $300K by December 2021
A senior analyst at U.S.-based financial giant Citibank has penned a report drawing on similarities between the 1970s gold market and bitcoin.
Blockchain Bites: Data Unions. Hard Forks. And One Citi Analyst's Case for $300K BTC.
A Citibank managing director thinks bitcoin could hit $318,000.