Blockchain-based security startup Peckshield stumbled upon a critical vulnerability in Ethereum smart contracts (based on the ERC20 protocol).
Researchers stated that the error was found in tokens such as UGToken, SMART, MTC, FirstCoin, GG Token, CNY Token and SMT tokens in their study.
>
According to the researchers, this error allows attackers to transfer large amounts of tokens to an address with zero balance.. This can cause the owner of the sending account to incur hefty fees.
PeckShield emphasizes that while Ethereum has traditional mechanisms to protect against such situations, thorough auditing of smart contracts is extremely important.
The company said that as an appropriate way to get rid of these weaknesses and disruptive effects, members in this ecosystem, especially digital asset exchanges, should coordinate and support each other. .
Cryptocurrency exchanges such as Poloniex, HitBTC, OKex and Huobi Pro have suspended trading of ERC20 tokens. Poloniex and HitBTC re-activated transactions after a while.
Researchers said that some affected tokens (such as gate.io, HitBTC, YoBit, and CoinExchange) may still be traded on some exchanges.
This error occurs. Not the first bug researchers have come across in Ethereum-based smart contracts. Blockchain analysts had previously warned of more than 30,000 faulty smart contracts on the Ethereum Network.
In fact, a month ago Coinbase suffered from a similar issue that allowed users to reward themselves with practically infinite amounts of Ethereum.