Main navigation

Ethereum’s Gas Contains Bug Allowing Hackers to Mint Extra Tokens

Advertisement
Thu, 22/11/2018 - 10:44
Ethereum’s Gas Contains Bug Allowing Hackers to Mint Extra Tokens
Cover image via U.Today
Read U.TODAY on
Google News
Advertisement

A company-developer dubbed Level K found the vulnerability and made it public knowledge in its blogpost, saying that it had also notified as many crypto exchanges as possible, warning them of the danger. Level K also reports that the exchanges have installed software patches to protect themselves.

What risks the bug bears for the network

The weakness is activated when ETH is transferred to a wallet that can afterwards conduct arbitrary computations for which the operation initiator pays and which bears the risk of ‘griefing’ — this is what a bad actor does to harm users of the ecosystem. The theory goes that the person behind an attack can make the initiator of the transaction, a crypto exchange in this case, pay for an arbitrary computation, unless the exchange has gas limits activated.

Potentially, a dirty player can mint a great amount of Gas when he or she receives Ether, making this griefing attack and giving them a huge profit.

Related

Advertisement

All ETH tokens are vulnerable

The worst part of this is that it is not only ETH that can be used for the illegal minting of Gas. The bug can also spread its effect on all other ETH-based tokens, such as ERC721 or ERC20-based ones. If exchanges do not implement a gas limit for transactions when it comes to contract calls for transfers, they are at a risk of having to pay for a great volume of computation.

Disaster prevented

Per Level K, slightly over a week ago private messages were sent to the trading platforms that could potentially suffer from this weak point in the Ethereum protocol to notify them of the possible danger. They have all now installed patches to eliminate the bug.

The developer in question has also posted additional info and a complete description of the threat, as well as what has been done to eliminate it.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD