A recently disclosed vulnerability in the Ethereum network could have allowed attackers to profit substantially at the expense of cryptocurrency exchanges that had not set a gas usage limit.
A critical vulnerability
A group of researchers discovered a vulnerability in Ethereum that allowed attackers to drain exchanges by burning their ETH through high transaction fees, or to profit directly by minting GasToken.
The report states that exchanges that allowed users to withdraw ETH to arbitrary addresses without setting a gas usage limit may have been exposed to excessive transaction fees. According to the document, there are two different ways to exploit this vulnerability.
The first would allow an attacker to drain an unprotected exchange by forcing it to pay large amounts in transaction fees. The second would allow the attacker to mint GasToken at a substantial profit simply by imposing a small GasToken "tax" on "naive users".
Problems allegedly resolved
Reportedly, the vulnerability only affected exchanges that initiate Ethereum transactions, not those that merely process them. The report also confirms that decentralized exchanges, as well as other venues whose smart-contract transactions are initiated by users, were unaffected. The report further notes that EVM-based blockchains and Ethereum Classic could be affected.
According to the researchers' official Medium post, they have already contacted a large number of the affected exchanges, which have reportedly patched the vulnerability.
In addition, the researchers provided recommendations for exchanges to implement gas limits on all transactions.
"Implement reasonable gas limits on all transactions. If expensive transactions are made, make sure that the user bears the cost. The fees for a given withdrawal should always cover the necessary gas," the report reads.
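To illustrate why the recommendation bounds an exchange's exposure, the following simulation (added here, not code from the report or from any exchange) compares a withdrawal path with no gas limit against one that applies a fixed gas cap and charges the fee to the withdrawing user. The recipient's gas consumption and the GAS_CAP value are constructed inputs; no EVM is executed.

```javascript
// Added example: simulating an exchange's ETH withdrawal under two gas policies.
// All amounts are in wei as BigInt. The recipient's gas usage is a constructed
// input standing in for whatever a recipient contract consumes on receipt.

const GAS_PLAIN_TRANSFER = 21000n; // gas for a transfer to an ordinary account
const GAS_CAP = 50000n;            // hypothetical per-withdrawal ceiling chosen by the exchange

// Naive policy: no gas limit is set and the exchange pays the fee itself,
// so the recipient decides how much gas (and therefore ETH) the exchange burns.
function naiveWithdrawal(amountWei, gasPriceWei, recipientGasUsed) {
  const fee = recipientGasUsed * gasPriceWei;
  return { sentToAddress: amountWei, feeChargedToUser: 0n, exchangeLoss: fee, gasLimit: recipientGasUsed };
}

// Hardened policy (the report's recommendation): every outgoing transaction
// carries a fixed gas limit, and the fee for that limit is deducted from the
// user's payout before anything is sent.
function hardenedWithdrawal(amountWei, gasPriceWei, recipientGasUsed) {
  const fee = GAS_CAP * gasPriceWei;
  if (amountWei <= fee) throw new Error("withdrawal amount does not cover the gas fee");
  // A recipient needing more gas than the cap makes the transaction revert;
  // the gas is still spent, but the user's balance covers it, not the exchange's.
  const delivered = recipientGasUsed <= GAS_CAP;
  return {
    sentToAddress: delivered ? amountWei - fee : 0n,
    feeChargedToUser: fee,
    exchangeLoss: 0n,
    gasLimit: GAS_CAP,
    delivered,
  };
}

// Constructed scenario: 1 ETH withdrawal at 10 gwei to a recipient whose
// fallback burns 7,000,000 gas, versus a plain transfer.
const ONE_ETH = 10n ** 18n;
const TEN_GWEI = 10n ** 10n;
function compareScenarios() {
  return {
    naiveLossPerWithdrawal: naiveWithdrawal(ONE_ETH, TEN_GWEI, 7000000n).exchangeLoss,   // 0.07 ETH
    hardenedLossPerWithdrawal: hardenedWithdrawal(ONE_ETH, TEN_GWEI, 7000000n).exchangeLoss, // 0 ETH
    plainTransfer: hardenedWithdrawal(ONE_ETH, TEN_GWEI, GAS_PLAIN_TRANSFER),
  };
}
```

Under the naive policy the loss scales with whatever the recipient chooses to burn on each withdrawal; under the hardened policy it is capped at GAS_CAP and recovered from the user's balance.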
What do you think of the newly discovered vulnerability and the lack of protection in certain exchanges? Do not hesitate to let us know in the comments below!
Images courtesy of bitcoinist archives, Shutterstock.