A GasToken-related weakness on Ethereum may have let attackers drain exchanges' hot wallets or even mint new GasTokens for profit.
According to a recently published disclosure, the flaw mainly concerns cryptocurrency exchanges that do not set a gas limit on their withdrawal transactions. Such exchanges can be made to pay enormous gas fees, draining their hot wallets, whenever someone withdraws tokens.
The disclosure states:
"In the simplest exploit scenario, Alice handles an exchange, which Bob wants to damage. Bob can initiate withdrawals to a contract address that he controls with a computationally intense fallback function. If Alice has neglected to set a reasonable gas limit, she will pay transaction fees from her hot wallet. Given enough transactions, Bob can empty Alice's funds."
If an exchange does not apply know-your-customer checks, an attacker can also more easily circumvent its withdrawal limits. More sophisticated attackers could impose a "tax" on withdrawals or mint new GasTokens for profit.
As CryptoGlobe reports, the issue appears to affect only parties that initiate Ethereum transactions, not those that merely process them. Decentralized exchanges such as ForkDelta and other smart-contract-based exchanges, where users initiate the transactions themselves, are therefore not affected.
It is currently not known how many exchanges (if any) were affected. The researchers who found the vulnerability disclosed it privately at the end of last month, before making it public, and contacted exchanges that might be affected.
To keep their funds secure, exchanges have been advised to enforce reasonable gas limits on withdrawals. The researchers also warned that affected platforms should examine their transaction records, as attacks exploiting the vulnerability may already have taken place.
On longer-term security measures, the researchers said:
"In the long run, contracts that implement ERC721, ERC777 and ERC677 should restrict the use of gas when making calls to unknown addresses, or the front end of decentralized applications that use these contracts can alert users when an unusually large amount of gas is used."
What are your thoughts? Let us know what you think in the comments below!