Cryptocurrency Exchanges Halt ERC20 Token Trading Due To BatchOverFlow Bug

A new bug wandering around the blockchain is creating trillions of Ethereum smart contracts and is affecting ERC20 tokens and cryptocurrency exchanges alike. The bug, dubbed “batchOverFlow”, facilitates the creation of an unlimited amount of tokens, making ERC20 tokens vulnerable to price manipulation by attackers. The vulnerable code was located in the batchTransfer function, which is used for the creation of multiple tokens in a single transfer.
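The article does not reproduce the contract code. As an added illustration (not code from the article or from any affected token), the Python model below assumes the overflow sits in the product of recipient count and per-recipient value, as the bug's name suggests, and shows the unchecked form beside a checked one. All names and balances are constructed.

```python
# Added illustration: a Python model of uint256 arithmetic in a batch transfer.
# Function and variable names are hypothetical, not taken from any token contract.
UINT256_MAX = 2**256 - 1


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)

    def total(self):
        return sum(self.balances.values())

    def batch_transfer_unchecked(self, sender, receivers, value):
        """Unsafe form: the product wraps modulo 2**256, like raw EVM MUL."""
        amount = (len(receivers) * value) & UINT256_MAX
        if value == 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        for r in receivers:
            self.balances[r] = self.balances.get(r, 0) + value

    def batch_transfer_checked(self, sender, receivers, value):
        """Hardened form: reject any product that does not fit in uint256."""
        amount = len(receivers) * value
        if amount > UINT256_MAX:
            raise OverflowError("count * value exceeds uint256")
        if value == 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        for r in receivers:
            self.balances[r] = self.balances.get(r, 0) + value


def supply_after(method_name, value, start=100):
    """Run one batch transfer on a constructed ledger.

    Returns the total supply afterwards, or the name of the error raised.
    """
    ledger = Ledger({"alice": start})
    try:
        getattr(ledger, method_name)("alice", ["bob", "carol"], value)
    except (ValueError, OverflowError) as exc:
        return type(exc).__name__
    return ledger.total()
```

Comparing the sum of balances before and after a transfer, as `supply_after` does, is also a usable audit invariant: a transfer must never change total supply.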

The bug was first reported on April 22nd, when 115 octodecillion Beauty Coins (BEC) were created in two transactions. At the time, BEC was trading at $0.32 per token, which puts the total dollar value of the transaction at around $3.7 novemdecillion.

Then a vulnerability was found in the SmartMesh contract that allowed someone to create 10 quadrillion SMT tokens, worth more than 877 trillion USD.

Multiple cryptocurrency exchanges have halted or suspended the trading of ERC20 tokens on their platforms until further notice. Huobi Pro was one of the first to tackle the problem, suspending deposits and withdrawals of all coins, then subsequently allowing non-ERC20 tokens to be deposited and withdrawn. Other exchanges, such as Poloniex, Changelly and HitBTC, followed with a similar response. Here are some of the announcements made on their Twitter feeds:

Huobi Pro

“Huobi Pro now has lifted the suspension of the deposit and withdrawal of non-ERC20 tokens. We will be announcing via another announcement for ERC20 tokens’ suspension lifting. We apologize for any inconvenience caused during this period.”

Poloniex

“We’ve temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!”

Changelly

“Dear Customers, ERC20 tokens are temporarily unavailable due to an exploit check. We will bring them back, once we are sure there is no vulnerability in deposits received. Follow the updates!”

According to Irish Tech News, the following ERC20 tokens have been affected by the batchOverflow bug: MESH, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token, and CNYTokenPlus.

Cryptocurrency exchanges are working around the clock to protect users’ funds and are looking for ways to solve the problem and make sure such a vulnerability doesn’t occur again in the future.


Originally published at ebitnews.com on April 27, 2018.