A recently discovered programming error could leave some crypto tokens vulnerable to hackers. The exploit lets a hacker pass an unusually high value to the exchange and get a ridiculous number of tokens in exchange, a problem that has prompted the Okex exchange to shut down all token trading, including one called BeautyChain (BEC).
What’s really interesting is how the hack worked. As you can see above, a line in the smart contract creates another value – quantity – by multiplying _value. The hackers made a transfer and set the value to eight vigintillion – an eight with 63 zeroes. When this value is passed, the code overflows, allowing the hacker to gain a huge number of tokens. Thanks to the smart contract’s “code-is-law” principle, each of these transfers is technically legitimate.
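The wrap-around described above, modelled as an added example (not code from the article or from the BEC contract): a toy ledger in Python where the multiplication runs either as unchecked 256-bit arithmetic or with an overflow check. The receiver count as the other factor, the ledger, and the value 2**255 are assumptions constructed for the illustration.

```python
# Added illustration: a toy model of a batch-transfer token, not the real contract.
UINT256_MAX = 2**256 - 1


def mul_wrapping(a: int, b: int) -> int:
    """Multiply as unchecked 256-bit unsigned arithmetic does: keep the low 256 bits."""
    return (a * b) & UINT256_MAX


def mul_checked(a: int, b: int) -> int:
    """Multiply and refuse any result that does not fit in 256 bits."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product


def batch_transfer(balances, sender, receivers, value, mul):
    """Debit the sender once for len(receivers) * value, then credit each receiver.

    `mul` selects the arithmetic, so the same logic runs with the wrapping
    (vulnerable) or the checked (hardened) multiplication.
    """
    quantity = mul(len(receivers), value)  # the multiplication the article points at
    if value == 0 or balances.get(sender, 0) < quantity:
        raise ValueError("insufficient balance")
    updated = dict(balances)
    updated[sender] = updated.get(sender, 0) - quantity
    for receiver in receivers:
        # The credit uses the raw value, not the (possibly wrapped) quantity.
        updated[receiver] = updated.get(receiver, 0) + value
    return updated


def demo():
    balances = {"sender": 10}  # constructed ledger
    value = 2**255             # constructed: 2 * value == 2**256, which wraps to 0
    wrapped = batch_transfer(balances, "sender", ["a", "b"], value, mul_wrapping)
    try:
        batch_transfer(balances, "sender", ["a", "b"], value, mul_checked)
        rejected = False
    except OverflowError:
        rejected = True
    return wrapped, rejected


if __name__ == "__main__":
    print(demo())
```

With wrapping arithmetic the balance check compares against zero, so the sender is debited nothing while each receiver is credited the full value; the checked multiplication rejects the same call before any balance changes.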
“There is no traditional well-known security response mechanism in place to remedy these vulnerable contracts!” wrote one researcher on Medium. “With that, we further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow.”
In response, Okex shut down all ERC-20 tokens, but there are other exchanges and tokens vulnerable to the hack.
“To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack,” Okex wrote.
Image via MelisaDrucker, who makes some unusually cool subway token earrings.