Several cryptocurrency exchanges on blocked Wednesday suspended the deposit and/or withdrawal of ethereum-based ERC-20 tokens over a new smart contract bug, batchOverFlow.
OKEX suspend ERC-20 deposits; others follow
In a notice on its support page, Hong Kong-based cryptocurrency exchange suspended deposits on all ERC20 tokens after its developers discovered a new smart contract bug. The exchange explained that the bug, BatchOverFlow, allowed malicious parties to “generate an extremely large amount of tokens, and deposit them into a normal address.” The developers warned that the bug made the tokens vulnerable to price manipulations by attackers.
Soon after OKEX’s announcement, Poloniex, Coinone, Hitbtc, Changelly, QUOINE and other exchanges announced similar suspensions for ERC20 tokens until the bug was fixed. Poloniex suspended both deposits and withdrawals of the ethereum based tokens while HiBtc exchange initiated an internal inspection which conducted transactions offline in the interim.
We've temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!
— Poloniex Exchange (@Poloniex) April 25, 2018
Deposits and withdrawals for ERC-20 tokens have now been re-enabled.
— Poloniex Exchange (@Poloniex) April 25, 2018
A Blockchain Security Startup, Peckshield wrote in a blog post that on Apr 22 that it had identified the batchOverflow bug in an unusual transfer of Beautychain (BEC) tokens. The post titled “New batchOverflow Bug in Multiple ERC20 Smart Contracts” described how the bug allows an attacker to possess huge amounts of tokens which it noted could allow for price manipulation since the amount may be more than the volume in circulation. The author expressed fears that the tokens may be exchanged for other bitcoin, other coins or even USD in non-centralized exchanges that use offline trading services.
The bugging problem of smart contracts bugs
A report by researchers in UK and Singapore in March claimed that about 34,000 ethereum smart contracts were vulnerable to exploitation. The researchers said that the vulnerable smart contracts, which contained ETH valued at about $4.4 million in ETH, represent 3.4% of all smart contracts at the time. Bad codes have also led to the loss of about $500 million worth of token the most notable case being the Parity loss.
Solomon Sunny is the market reporter for Smartereum, one of the global leaders in Ethereum, blockchain and currency news. He produces technical price updates on digital currencies and writes recent developments about blockchain.
