Today, April 25th, OKEx, the third-largest cryptocurrency exchange by trading volume, announced that it has suspended all ERC-20 token deposits.
The move comes after developers discovered an Ethereum smart contract bug called BatchOverflow, which lets anyone who exploits it issue an almost unlimited number of new tokens. The newly minted tokens can then be deposited into other asset wallets. ‘This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers,’ the OKEx team wrote.
Ethereum Smart Contract Bug: BatchOverflow
The issue was first reported in a Medium post published by OKEx three days ago. The post explained that the bug is a classic integer overflow, which occurs when an arithmetic operation produces a value outside the range that can be represented with the allocated number of bits. In detailing the problem, OKEx’s post also included a proof of concept showing how an unlimited number of tokens can be generated from any vulnerable ERC-20 contract.
The post reads: “To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.”
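The integer overflow described above can be modelled outside the EVM. The following is an added example, not code from OKEx's post or from any affected contract: it assumes a hypothetical batch-transfer routine that multiplies the recipient count by the per-recipient value in a 256-bit unsigned integer, and shows how a supply-conservation check exposes the flaw and how checked multiplication removes it. All names and balances are constructed.

```python
# Added example: a Python model of 256-bit unsigned arithmetic.
# The transfer routine is a hypothetical model, not the affected contract code.
UINT256_MAX = 2**256 - 1

def mul_unchecked(a, b):
    """Multiply the way an unchecked uint256 does: wrap modulo 2**256."""
    return (a * b) & UINT256_MAX

def mul_checked(a, b):
    """Multiply and abort when the true product does not fit in 256 bits."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product

def batch_transfer(balances, sender, recipients, value, mul):
    """Debit the sender count*value and credit each recipient with value."""
    total = mul(len(recipients), value)
    if balances.get(sender, 0) < total:
        raise ValueError("insufficient balance")
    updated = dict(balances)
    updated[sender] = updated.get(sender, 0) - total
    for recipient in recipients:
        updated[recipient] = updated.get(recipient, 0) + value
    return updated

def supply(balances):
    """Total token supply: the invariant a transfer must never change."""
    return sum(balances.values())

def conserves_supply(before, after):
    """Auditor's check: a transfer moves tokens but never creates them."""
    return supply(before) == supply(after)

# Constructed sample state and boundary value.
START = {"alice": 100}
BOUNDARY_VALUE = 2**255  # 2 * 2**255 == 2**256, which wraps to 0

if __name__ == "__main__":
    wrapped = batch_transfer(START, "alice", ["bob", "carol"],
                             BOUNDARY_VALUE, mul_unchecked)
    print("unchecked conserves supply:", conserves_supply(START, wrapped))
    try:
        batch_transfer(START, "alice", ["bob", "carol"],
                       BOUNDARY_VALUE, mul_checked)
    except OverflowError as exc:
        print("checked multiply rejected the transfer:", exc)
```

With the unchecked multiply the computed total wraps to zero, so the balance check passes while recipients are credited the full value; the checked multiply aborts before any balance changes.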
It’s still unclear how many ERC-20 tokens are vulnerable to this bug, or which ones specifically are affected. As