Tech 26 April 2018

Erik Gibbs

ERC20 deposits blocked on OKEx over critical smart contract bug

Hong Kong-based cryptocurrency exchange OKEx has put the brakes on all ECR20 deposits following the possible discovery of a bug in at least 12 smart contracts that are built to the ECR20 standard. The news came out Tuesday, forcing the exchange into action to prevent attackers from exploiting the bug.

The smart contract bug, called “BatchOverFlow,” allows an attacker to create tokens from thin air and then deposit them into a verified Ethereum wallet. In a statement, OKEx said attackers who exploit the bug “can generate an extremely large amount of tokens, and deposit them into a normal address,” which “makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.”

“To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack,” according to the exchange.

Following OKEx’s suspension, another cryptocurrency exchange followed suit. Changelly, which operates as a broker between exchanges and users, announced via Twitter that it would be suspending deposits following “an exploit check.” Changelly promised to bring the tokens back as soon as they’re certain “there is no vulnerability in deposits received.”

The bug was first identified over the weekend and published in a post on Medium. The author of the post, “ranimes,” claims that it could affect over 20 ERC20 smart contracts. The post includes several proofs-of-concept, showing the validity of the bug.

How much damage has been done and what tokens were affected isn’t known. However, BeautyChain, a beauty-themed ecosystem, was already exploited. Once the exploit of its coin, BEC, was identified, exchanges began suspending BEC trading, and some rolled back BEC trades.  OKEx rolled back BEC/BTC, BEC/ETH and BEC/USDT to 1:18 PM April 22, Hong Kong time.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof

Tech 22 March 2019

Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof

CipherBlade, a blockchain investigation firm, has concluded that the Wall Street Journal (WSJ) has overstated its previous claims about the cryptocurrency exchange ShapeShift.

Read More
Unwriter announces Bottle, a Bitcoin browser

Tech 22 March 2019

Unwriter announces Bottle, a Bitcoin browser

Looking to find a way out of the world wide web, Unwriter has released Bottle, a new browser exclusively for the Bitcoin SV network.

Read More
Money Button CEO: How to upload large files to Bitcoin SV blockchain

Tech 22 March 2019

Money Button CEO: How to upload large files to Bitcoin SV blockchain

OP_Return has a 100KB upload limit, but Ryan X Charles will show you how you can upload much larger files with a new tool from Money Button.

Read More