0
📰 News
118 views

Ethereum’s Gas Contains Bug Allowing Hackers to Mint Extra Tokens

  • Yuri Molchan
    📰 News

    On Wednesday, an ETH smart contract developer announced it spotted a vulnerability in the network that lets ill-doers mint a large amount of Gas as they receive ETH

Ethereum’s Gas Contains Bug Allowing Hackers to Mint Extra Tokens
Cover image via u.today
Contents

A company-developer dubbed Level K found the vulnerability and made it public knowledge in its blogpost, saying that it had also notified as many crypto exchanges as possible, warning them of the danger. Level K also reports that the exchanges have installed software patches to protect themselves.

What risks the bug bears for the network

The weakness is activated when ETH is transferred to a wallet that can afterwards conduct arbitrary computations for which the operation initiator pays and which bears the risk of ‘griefing’ — this is what a bad actor does to harm users of the ecosystem. The theory goes that the person behind an attack can make the initiator of the transaction, a crypto exchange in this case, pay for an arbitrary computation, unless the exchange has gas limits activated.

Potentially, a dirty player can mint a great amount of Gas when he or she receives Ether, making this griefing attack and giving them a huge profit.

👉MUST READ

Coinbase's Policy Officer Leaves the Exchange

Coinbase's Policy Officer Leaves the Exchange

All ETH tokens are vulnerable

The worst part of this is that it is not only ETH that can be used for the illegal minting of Gas. The bug can also spread its effect on all other ETH-based tokens, such as ERC721 or ERC20-based ones. If exchanges do not implement a gas limit for transactions when it comes to contract calls for transfers, they are at a risk of having to pay for a great volume of computation.

Disaster prevented

Per Level K, slightly over a week ago private messages were sent to the trading platforms that could potentially suffer from this weak point in the Ethereum protocol to notify them of the possible danger. They have all now installed patches to eliminate the bug.

The developer in question has also posted additional info and a complete description of the threat, as well as what has been done to eliminate it.

Only the most important posts per day. Infographics, analytics, reviews & summaries. Join our Telegram channel!

About the author

Yuri is a journalist interested in technology and technical innovations. He has been in crypto since 2017. Believes that blockchain and cryptocurrencies have a potential to transform the world in the future. ‘Hodls’ cryptocurrencies. Has written for several crypto media. Currently is a news writer at U.Today.

👓 Recommended articles

This site uses cookies for different purposes. Please set your preferences in Cookie Settings and visit our Cookie policy for more information on how and why cookies are used on this site. Click here for cookie policy

Cookie settings