Creating a token is complicated already and developing one that is bug-free seems even harder as the latest of Ethereum smart contract bugs has just popped up. A newly-discovered exploit has allowed the unknown attackers to generate billions of ERC20 tokens, which left such major crypto exchanges as Okex, Poloniex, Changelly or Coinone with no other choice than to suspend all deposits and withdrawals, associated with the token.
The bug was first discovered on April 22nd when 115 octodecillion BEC (Beauty Coin) was generated in two contracts. At the time it was trading at $0.32 per token, bringing the total market cap for the token to $3.7 novemdecillion, which is a truly comical number, 3.7 followed by 60 zeros to be exact. The same exploit was used a couple of days later to create $5 octodecillion USD worth of Smart Mesh tokens.
The critical vulnerability in Ethereum smart contracts based on the ERC20 protocol is called batchOverflow. According to Okex, “By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.“ The exchange went on to reiterate that deposits of all ERC20 tokens will be suspended until the exploit is fixed.
Blockchain security startup PeckShield has come across the vulnerability in multiple Ethereum smart contracts. According to them, thorough smart contracts audit is of huge importance to ensure similar attacks are prevented in the future. PeckShield have provided a full list of tokens that are powered by ERC20 and are affected by the bug. They include MESH, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token and CNYTokenPLus.
The news comes at a challenging time for Ethereum as some users reported attacks and thefts from their MyEtherWallet accounts, which amount to around $150m in total. Furthermore, the former Commodity Futures Trading Commission Chairman Gary Gensler made the case on Monday that ETH should be considered a security, which would significantly reduce the number of exchanges that can trade it. At the start of the week, the Ethereum community voted against restoring the lost ETH in the Parity smart contract bug last year.
Expectedly, the market expressed a negative response to the news with Smart Mesh token taking the biggest tumble to drop from $0.11 to $0.08 in just one hour. Ethereum was also hit following the announcement, although it must be said the crypto market overall is currently hobbling through the correction, following the recent positive momentum. ETH has fallen from $664 to $612 as the market absorbed the news but has since rebounded to trade around $630 at press time.
Image Source: “Flickr”
Leave a Reply