This week, many cryptocurrency trading exchanges, including Poloniex and Coinone, suspended deposits of ERC20 tokens after a batch overflow bug was discovered in the smart contracts controlling a large number of cryptocurrency coins.
Researchers found earlier this year that 34,000 Ethereum smart contracts (contracts that enforce the terms of a contractual relationship using cryptographic code) are susceptible to bugs. This week PeckShield, a blockchain security company, published a post that singles out one specific bug affecting ERC20 smart contracts. The post calls out the batch overflow bug, which leaves contracts vulnerable to attackers who can use it to create a massive amount of tokens and send them to a normal wallet address.
PeckShield said that at the time of the announcement, they had “made efforts to contact the teams who own these vulnerable contracts”. Despite this, the security company added that because of the “touted ‘code-is-law’ principle in Ethereum blockchain, there is no traditional well-known security response mechanism in place to remedy these vulnerable contracts”.
This has led a number of exchanges to suspend deposits of all ERC20 tokens until the bug is fixed. OKEx, a top cryptocurrency exchange based in Belize, announced the suspension, saying that the pause is “due to the discovery of a new smart contract bug” dubbed ‘BatchOverFlow’.
— OKEx (@OKEx_) April 25, 2018
The exchange added that by exploiting the bug, attackers “can generate an extremely large amount of tokens” and that this “makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers”, and said that the suspension is intended to protect the public interest. OKEx also said that it had contacted the affected token teams to launch an investigation and set up the necessary courses of action to prevent any attacks.
Other tokens are also affected by the bug, such as the Beautychain (BEC) token, whose team is trying to sort out the bug and says that they are running their system to analyze other contracts.