Multiple exchanges suspend all ERC20 token deposits this Wednesday after discovering what developers say is a ‘new smart contract bug’.
OKEX, Poloniex, and Huobi Pro are coming down on ERC20 tokens due to a new bug, batchOverflow. These tokens make up for nearly 90% of all the coins out there on the market, making the bug a threat on a global scale.
OKEX cited ‘public interest’ in their statement as the reason behind halting all ERC20 deposits.
By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers. To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.
Shortly after, Huobi Pro issued their notice, and Poloniex announced they’re suspending transactions via their official Twitter account.
It took exchanges nearly a day to react to the problem?—?the first sightings of the bug appeared on Tuesday.
In the early afternoon, PeckShield detected an unusual MESH token transaction. In this instance, someone transferred a large amount of MESH token to themselves, accompanied by a huge fee.
Another case occurred with the SMT token in the evening, displaying the same attack pattern. Looking into the corresponding smart contract, PeckShield discovered that the proxyTransfer()function has a classic integer overflow problem.
But does this mean that any ERC20 token is in danger? Not necessarily. TOKPIE remains calm among the market panic. Here’s CEO Vasilii Silin’s comment on the matter:
“Firstly, we don’t have the batch transfer function that hackers would use. Secondly, we don’t have an obvious * multiplication, instead we do everything through the mul function. Thus, our token is completely safe from this bug.”
These are the ERC20 tokens affected so far, according to reports: MESH, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token, and CNYTokenPlus. In the meantime, we advise readers to be careful and always perform a thorough and comprehensive audit of smart contracts before deployment.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.