Why some ERC-20 tokens are vulnerable
On April 25 many of you heard and read that a vulnerability was discovered in smart contracts of some ERC-20 tokens, that allows fraudsters to generate huge amounts of tokens and send them to regular addresses. Due to a critical vulnerability, the deposit and withdrawal of deposits in the ERC-20 tokens was suspended by the OKex, Huobi Pro, Changelly, Poloniex, HitBTC, Quoine exchanges.
According to available information the following tokens are in the risk zone: MESH, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token, CNYTokenPlus.
On behalf of Tokenbox we would like to report that the TBX tokens’ smart contract does not contain this vulnerability, as well as the smart contract that is used to tokenize funds at The Token Fund.
Based on the “code-law” principle in Ethereum blockchain, there is still no mechanism that could eliminate the vulnerabilities of these smart contracts. Elimination of consequences requires coordination and support from all ecosystem members. At the same time, it is important to conduct a thorough and comprehensive review of smart contracts before they are deployed at the network.