Ethereum’s Gas Contains Bug Allowing Hackers to Mint Extra Tokens

Thu, 11/22/2018 - 10:44
Yuri Molchan
On Wednesday, an Ethereum smart contract developer announced that it had spotted a vulnerability in the network that lets attackers mint a large amount of Gas when they receive ETH.
A development company called Level K found the vulnerability and disclosed it in a blog post, saying that it had also notified as many crypto exchanges as possible to warn them of the danger. Level K also reports that the exchanges have installed software patches to protect themselves.

What risks the bug bears for the network

The weakness is triggered when ETH is transferred to a wallet that can then run arbitrary computations paid for by the initiator of the transfer. This creates a risk of ‘griefing’, in which a bad actor acts to harm users of the ecosystem. In theory, the person behind an attack can make the initiator of the transaction, a crypto exchange in this case, pay for an arbitrary computation unless the exchange has gas limits in place.

Potentially, a malicious recipient can mint a great amount of Gas when receiving Ether, carrying out this griefing attack and making a huge profit.

All ETH tokens are vulnerable

The worst part is that ETH is not the only asset that can be used for the illegal minting of Gas. The bug also affects all other Ethereum-based tokens, such as ERC721 or ERC20-based ones. If exchanges do not implement a gas limit on the contract calls they make for transfers, they are at risk of having to pay for a great volume of computation.
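
An added example, not from the article or from Level K: a Python audit of ETH payout records that flags transfers sent without a gas cap and measures what the recipient's code cost the sender. The record fields, the 50,000 gas policy cap and the sample payouts are assumptions constructed for illustration; 21,000 is the gas cost of a plain ETH transfer.

```python
from dataclasses import dataclass

PLAIN_TRANSFER_GAS = 21_000  # gas consumed by an ETH transfer that runs no recipient code
GWEI = 10**9

@dataclass
class Withdrawal:              # hypothetical record layout for an exchange payout log
    tx_id: str
    gas_limit: int             # ceiling the exchange set when signing the transaction
    gas_used: int              # gas actually consumed on-chain
    gas_price_wei: int

def worst_case_fee_wei(w):
    """Most the sender can be charged: the whole gas limit at the offered price."""
    return w.gas_limit * w.gas_price_wei

def excess_fee_wei(w):
    """Fee paid for computation beyond a plain transfer, i.e. for the recipient's code."""
    return max(0, w.gas_used - PLAIN_TRANSFER_GAS) * w.gas_price_wei

def audit(withdrawals, max_gas_limit):
    """Return (tx_id, reasons, excess_fee_wei) for each payout that breaks policy."""
    findings = []
    for w in withdrawals:
        reasons = []
        if w.gas_limit > max_gas_limit:
            reasons.append("gas limit above policy cap")
        if w.gas_used > PLAIN_TRANSFER_GAS:
            reasons.append("recipient code ran at sender's expense")
        if reasons:
            findings.append((w.tx_id, reasons, excess_fee_wei(w)))
    return findings

# Constructed sample payouts, all at a 10 gwei gas price.
SAMPLE = [
    Withdrawal("w-001", 21_000, 21_000, 10 * GWEI),        # plain transfer, tight limit
    Withdrawal("w-002", 4_000_000, 3_980_000, 10 * GWEI),  # uncapped, recipient burned gas
    Withdrawal("w-003", 4_000_000, 21_000, 10 * GWEI),     # uncapped but not abused (exposure only)
    Withdrawal("w-004", 50_000, 50_000, 10 * GWEI),        # capped: loss bounded by the cap
]

if __name__ == "__main__":
    for tx_id, reasons, excess in audit(SAMPLE, max_gas_limit=50_000):
        print(f"{tx_id}: {'; '.join(reasons)} (excess fee {excess / 10**18:.5f} ETH)")
```

The third record is the one a policy review should catch first: nothing was lost, but the exchange had signed away up to the full gas limit.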

Disaster prevented

Per Level K, slightly over a week ago it sent private messages to the trading platforms that could potentially suffer from this weak point in the Ethereum protocol, notifying them of the possible danger. They have all now installed patches to eliminate the bug.

The developer in question has also posted additional info and a complete description of the threat, as well as what has been done to eliminate it.
