A recently discovered programming error could make some crypto tokens susceptible to hackers. The exploit allows a hacker to pass an unusually high value to the exchange and get a ridiculous number of tokens in return, a problem that has caused the Okex exchange to shut down all token trading, including trading in a token called BeautyChain (BEC).
What’s really interesting is how the hack worked. As you can see above, a line in the smart contract creates another value, amount, by multiplying _value. The hackers made a transfer and set the value to eight vigintillion, an eight with 63 zeroes. When this value is passed, the code overflows, allowing the hacker to gain an enormous number of tokens. Because of the smart contract’s “code-is-law” principle, each of those transfers is technically legitimate.
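The overflow described above can be reproduced in a small model. The following Python sketch is an added example, not the BEC contract's code: it emulates 256-bit unsigned arithmetic and runs the same batch transfer once with an unchecked multiplication and once with a checked one. The function names, the two-receiver batch and the transfer value are constructed for the illustration.

```python
# Added illustration: a simplified model of a batch transfer on 256-bit
# unsigned integers. All names are assumptions, not the contract's own code.
UINT256_MAX = 2**256 - 1

class Overflow(Exception):
    """Raised by the checked path when a product does not fit in 256 bits."""

def mul_wrapping(a, b):
    # Unchecked multiplication: only the low 256 bits of the product survive.
    return (a * b) & UINT256_MAX

def mul_checked(a, b):
    # Checked multiplication: reject any product that does not fit.
    product = a * b
    if product > UINT256_MAX:
        raise Overflow(f"{a} * {b} exceeds 256 bits")
    return product

def batch_transfer(balances, sender, receivers, value, mul):
    """Debit the sender once for the total, then credit each receiver `value`."""
    count = len(receivers)
    amount = mul(count, value)  # the multiplication that can overflow
    if count == 0 or value == 0 or balances.get(sender, 0) < amount:
        return False  # the balance check only ever sees `amount`
    balances[sender] -= amount
    for receiver in receivers:
        balances[receiver] = balances.get(receiver, 0) + value
    return True

def total_supply(balances):
    return sum(balances.values())

def demo():
    value = 2**255  # constructed value: 2 * value == 2**256, which wraps to 0
    unchecked = {"sender": 10}
    accepted = batch_transfer(unchecked, "sender", ["a", "b"], value, mul_wrapping)
    checked = {"sender": 10}
    try:
        batch_transfer(checked, "sender", ["a", "b"], value, mul_checked)
        rejected = False
    except Overflow:
        rejected = True
    return accepted, unchecked, rejected, checked

if __name__ == "__main__":
    print(demo())
```

With the unchecked multiplication the total wraps to zero, so the balance check passes and the sender is debited nothing while each receiver is credited the full value. The checked version rejects the call before any balance changes.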
“There is no conventional well-known safety response mechanism in place to remedy these vulnerable contracts!” wrote one researcher on Medium. “With that, we further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow.”
In response, Okex shut down all ERC-20 tokens, but there are other exchanges and tokens susceptible to the hack.
“To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack,” Okex wrote.
Image via MelisaDrucker, who makes some unusually cool subway token earrings.