Ethereum: Vulnerability in GasToken apparently eliminated

A company specializing in the development of smart contracts has revealed a flaw in the GasToken. Attackers can take advantage of it by getting exchanges to mint GasToken. The team has contacted the initiators of GasToken directly to prevent an exploit. So far, there are no reports that malicious actors have exploited the vulnerability.

How does this work?

The GasToken is an Ethereum token created as part of the IC3 Initiative, an association of researchers from various universities working on solutions to help cryptocurrencies and smart contracts meet industry demands. The GasToken is designed to solve the problem that the gas costs associated with running smart contracts are difficult to predict. The solution: it uses a special Ethereum feature, the Memory Refund. This rewards a smart contract with a gas reimbursement if unnecessary memory variables are deleted and thus less space is consumed on the blockchain.

Potential attackers could have used the vulnerability discovered by the researchers to, among other things, have Ethereum paid out to a contract in which a special function mints GasToken. Basically, all exchanges that initiate Ethereum transactions themselves and have not set a gas limit for those transactions are affected.

Exemplary disclosure

The vulnerability was discovered by Level K employees and tested on a real exchange. After another successful attempt, the IC3 Initiative was contacted on November 2 to work together on making the vulnerability known. According to the team's own statements, even the Ethereum veterans Vitalik Buterin and Hudson Jameson were notified and asked for support. After the team spent about another week collecting contact information for the security officers of the major exchanges, the weakness was announced to a small circle. The general public was only informed of the vulnerability on November 21, so by now no market should be vulnerable.

