Audit Gives Binance-Listed ERC20 Tokens Clean Bill of Health from ‘batchOverflow’ Bug

Smart contract security firm Quantstamp has given Binance-listed ERC20 tokens a clean bill of health after conducting an audit to determine whether any of the exchange’s listed assets were subject to the recently-discovered batchOverflow and proxyOverflow vulnerabilities.

Quantstamp released its audit report in late April, confirming that no ERC20 token currently listed on Binance — the world’s largest cryptocurrency exchange — is subject to the vulnerabilities, which allow attackers to essentially print tokens out of thin air.

“Quantstamp shares Binance’s safety-first philosophy in protecting their customers and supports the exchange’s ambitions to create the gold standard in security for the mass adoption of digital currencies,” said Richard Ma, CEO of Quantstamp. “In light of the recent vulnerabilities, we are proud to have assisted Binance in its mission to help protect their token holders and the wider Ethereum community.”

As CCN reported, the vulnerability is believed by researchers to affect about a dozen tokens, whose developers utilized a function — batchTransfer — that was not included in the ERC20 token standard.

Attackers were able to exploit the function with a type of integer overflow error, which essentially means that they attempted to store more data in a variable than its data type would allow. Since the contracts did not have a provision to prevent this occurrence, the attackers successfully created an additional supply of tokens far in excess of the token’s original supply.
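The overflow described above can be modeled outside a contract. The following is an added example, not code from Quantstamp, CCN or any affected token: a Python model of 256-bit unsigned arithmetic that runs the same batch transfer with unchecked and with checked multiplication and tests the supply invariant afterwards. The ledger layout, the function names, and the assumption that the total is computed as receiver count times value are illustrative.

```python
# Added illustration: models 256-bit unsigned arithmetic as used by the EVM.
# All names and the ledger layout are hypothetical, not from any audited token.
UINT256_MAX = 2**256 - 1


class Overflow(Exception):
    """Raised when a result does not fit in 256 bits."""


def wrapping_mul(a, b):
    # Unchecked arithmetic silently discards the high bits.
    return (a * b) & UINT256_MAX


def checked_mul(a, b):
    # Guarded arithmetic: refuse any product that does not fit.
    product = a * b
    if product > UINT256_MAX:
        raise Overflow(f"{a} * {b} exceeds uint256")
    return product


def batch_transfer(balances, sender, receivers, value, mul):
    """Send `value` to each receiver; `mul` picks unchecked or checked math."""
    total = mul(len(receivers), value)
    if balances.get(sender, 0) < total:
        raise ValueError("insufficient balance")
    balances[sender] -= total
    for r in receivers:
        balances[r] = balances.get(r, 0) + value


def supply_is_consistent(balances, total_supply):
    # Invariant an auditor or monitor can assert: tokens are only moved.
    return sum(balances.values()) == total_supply


def demo():
    supply = 1_000
    value = 2**255  # constructed input: 2 * value wraps to 0 in 256 bits
    unchecked = {"alice": supply}
    batch_transfer(unchecked, "alice", ["bob", "carol"], value, wrapping_mul)
    broken = not supply_is_consistent(unchecked, supply)
    checked = {"alice": supply}
    try:
        batch_transfer(checked, "alice", ["bob", "carol"], value, checked_mul)
        rejected = False
    except Overflow:
        rejected = True
    return broken, rejected and supply_is_consistent(checked, supply)
```

With unchecked math the wrapped total passes the balance check and the ledger ends up holding more tokens than the supply; with checked math the transfer is rejected before any balance changes.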

At least several of these tokens were listed on high-profile cryptocurrency exchanges, so these trading platforms were forced to suspend deposits — OKEx even went so far as to temporarily suspend all ERC20 token deposits while it investigated the issue — and in some cases roll back trades.

Quantstamp said that it has contacted all affected tokens and has offered to assist with addressing the issue at cost.

“We won’t be making a profit from our effort to make the Ethereum ecosystem more secure,” the company said.

30.07.2018 / 00:00 82