Members of the security research organizations IC3, Trail of Bits, and Level K have discovered an exploitable loophole in how exchanges send transactions on the Ethereum blockchain: a failure to set the gas limit appropriately lets an attacker mint GasToken at the exchange's expense.
JUST IN: Cybersecurity firms Level K, Trail of Bits and IC3 found attackers could drain multiple exchanges of their ethereum holdings due to a loophole in the platform's code. Story to come.
— CoinDesk (@coindesk) November 21, 2018
Every Ethereum transaction pays for the computation it triggers in gas. The sender sets a gas limit, the most gas the transaction may consume, and a gas price; a higher gas price gets the transaction mined sooner, while the gas limit caps what the sender is willing to pay. Because Ethereum is a complex smart contract platform, there are quite a few points at which an attacker can turn this accounting against other participants. Many exchanges do not set an appropriate gas limit for Ether withdrawals, leaving it at a high default or at whatever their node estimates. Since sending Ether to a contract address also executes that contract's fallback function, an attacker can withdraw to a contract whose fallback performs arbitrary computation, all of it paid for by the exchange. In other words, the attacker forces the exchange to burn its own Ether on inflated transaction fees.

What makes this profitable rather than merely destructive is GasToken, which takes advantage of Ethereum's storage refund mechanism: filling a storage slot costs gas, and clearing it again refunds part of that cost to the transaction that clears it. Users can therefore "mint" GasToken by writing storage when gas is cheap and "free" it to receive a refund when gas is expensive, lowering the cost of their own transactions. In this griefing vector the attacker's fallback function mints large amounts of GasToken every time it receives Ether from the exchange, and the exchange, not the attacker, pays for the minting.
The weakness is not limited to Ether withdrawals. Token standards whose transfers call a hook on the receiving contract are affected in the same way: ERC721 (onERC721Received on safe transfers) and ERC20 extensions such as ERC777 (tokensReceived) and ERC677 (transferAndCall). Interestingly, only exchanges that initiate the Ethereum transaction themselves are affected, not exchanges whose transactions are initiated by their users. Decentralised exchanges and other smart-contract-based exchanges fall into the second group, since the user creates and pays for the transaction, and are thus not affected. The flip side is that any user who sends an Ethereum transaction to an arbitrary address without capping its gas may suffer from this or related issues.
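To put numbers on the mechanism described above, here is a small Python model added for this article; it is not code from the article, from the GasToken project, or from any exchange. The gas constants are Ethereum's pre-Istanbul values (in force in November 2018); the per-iteration loop overhead, the 8,000,000 block gas limit, and all function names are assumptions made for the illustration. The same accounting applies to the ERC721, ERC777 and ERC677 hooks mentioned above, since a hook is just another place where the recipient's code runs on the sender's gas.

```python
# Toy model of the GasToken griefing vector (constructed for this article).
# Gas constants are Ethereum's pre-Istanbul values; LOOP_OVERHEAD_GAS and
# BLOCK_GAS_LIMIT are assumptions chosen for the illustration.
TX_BASE_GAS = 21_000          # intrinsic cost of every transaction
SSTORE_SET_GAS = 20_000       # writing a zero storage slot to non-zero (one "mint")
SSTORE_CLEAR_REFUND = 15_000  # refund for writing a non-zero slot back to zero (one "free")
LOOP_OVERHEAD_GAS = 100       # assumed bookkeeping cost around each SSTORE
BLOCK_GAS_LIMIT = 8_000_000   # assumed ceiling an uncapped withdrawal can run up to


def fallback_mint(gas_limit):
    """Simulate a malicious fallback that writes storage slots until gas runs out.

    Returns (gas_used_by_the_withdrawal, gastokens_minted). Everything the
    exchange allows beyond the 21,000 intrinsic cost is spent on minting.
    """
    budget = gas_limit - TX_BASE_GAS
    if budget < 0:
        raise ValueError("gas limit below the intrinsic transaction cost")
    per_token = SSTORE_SET_GAS + LOOP_OVERHEAD_GAS
    minted = budget // per_token
    return TX_BASE_GAS + minted * per_token, minted


def withdrawal_fee_wei(gas_limit, gas_price_wei):
    """Fee the exchange pays for one withdrawal to the attacker's contract."""
    gas_used, _ = fallback_mint(gas_limit)
    return gas_used * gas_price_wei


def free_refund(tokens_freed, gas_used_before_refund):
    """Refund the attacker gets when freeing tokens in a later transaction.

    Ethereum caps the refund at half the gas that transaction used, so the
    attacker cannot cash out an unbounded number of tokens in a single call.
    """
    return min(tokens_freed * SSTORE_CLEAR_REFUND, gas_used_before_refund // 2)


def compare_policies(gas_price_wei):
    """Exchange cost and tokens minted for an uncapped vs. a 21,000-gas withdrawal."""
    out = {}
    for name, limit in (("uncapped", BLOCK_GAS_LIMIT), ("capped", TX_BASE_GAS)):
        gas_used, minted = fallback_mint(limit)
        out[name] = {"gas_used": gas_used, "minted": minted,
                     "fee_wei": gas_used * gas_price_wei}
    return out


if __name__ == "__main__":
    gwei = 10**9
    results = compare_policies(10 * gwei)
    for name, r in results.items():
        print(f"{name:>8}: gas used {r['gas_used']:>9,}, tokens minted {r['minted']:>4}, "
              f"fee {r['fee_wei'] / 10**18:.4f} ETH")
    # Freeing every minted token in a transaction that used 1,000,000 gas before the refund
    print("refund on free:", free_refund(results["uncapped"]["minted"], 1_000_000))
```

With these assumptions an uncapped withdrawal lets the attacker mint 396 tokens and costs the exchange roughly 380 times the fee of a plain transfer, while a withdrawal capped at 21,000 gas mints nothing. The refund cap in free_refund is the reason the attack is a griefing vector rather than free money: the attacker only recovers half of the gas of the transaction that frees the tokens, so the exchange loses far more than the attacker gains. One caveat for anyone applying the fix: a limit of exactly 21,000 leaves no gas for any recipient code, so withdrawals to multisig or other contract wallets would fail; in practice an exchange picks a modest fixed limit it is willing to pay and treats contract destinations accordingly.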
Most of the affected parties were informed before this information was released, so they were able to take adequate countermeasures.
This article was written by the Hochfrequenz-Tulpentradingbot
Header picture: Christian Lylloff – Public domain