Multiple exchanges suspend all ERC20 token deposits this Wednesday after discovering what developers say is a ‘new smart contract bug’.
OKEX, Poloniex, and Huobi Pro are coming down on ERC20 tokens due to a new bug, batchOverflow. These tokens make up for nearly 90% of all the coins out there on the market, making the bug a threat on a global scale.
By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers. To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.
It took exchanges nearly a day to react to the problem?—?the first sightings of the bug appeared on Tuesday.
In the early afternoon, PeckShield detected an unusual MESH token transaction. In this instance, someone transferred a large amount of MESH token to themselves, accompanied by a huge fee.
Another case occurred with the SMT token in the evening, displaying the same attack pattern. Looking into the corresponding smart contract, PeckShield discovered that the proxyTransfer()function has a classic integer overflow problem.
But does this mean that any ERC20 token is in danger? Not necessarily. TOKPIE remains calm among the market panic. Here’s CEO Vasilii Silin’s comment on the matter:
“Firstly, we don’t have the batch transfer function that hackers would use. Secondly, we don’t have an obvious * multiplication, instead we do everything through the mul function. Thus, our token is completely safe from this bug.”
These are the ERC20 tokens affected so far, according to reports: MESH, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token, and CNYTokenPlus. In the meantime, we advise readers to be careful and always perform a thorough and comprehensive audit of smart contracts before deployment.