Apr 25, 2018
Nice writeup! I think it’s worth noting that batchTransfer isn’t a standard ERC20 function, so only the contract owners who chose to implement it could be affected. Couple of questions:
- Since batchTransfer isn’t a standard implementation, did the other contracts you found share the same implementation or were they slightly different but vulnerable to the same exploit?
- If they were the same, do you have any idea of the origin of the function? I tried to find any reference to a batchTransfer implementation in zeppelin-solidity but there is none, as an example.
I’ve got a feeling that this could be something like an outsourced company who’s creating tokens for new companies with a vulnerable template.