- A number of cryptocurrency exchanges have suspended trading of ERC-20 tokens.
- A potential new smart contract bug called batchOverflow triggered this action.
Crypto World: Reports reaching Cryptona.co indicate that multiple cryptocurrency exchanges have suspended trading of ERC-20 tokens after the discovery of a potential bug. Poloniex has suspended deposits and withdrawals of all ERC-20 (Ethereum-based) tokens, HitBTC has begun an internal investigation that took deposits and transfers of ERC-20 tokens offline, and OKEX decided earlier today to stop ERC-20 deposits, after a potential new smart contract bug called batchOverflow was discovered.
We've temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!
— Poloniex Exchange (@Poloniex) April 25, 2018
Due to a potential issue detected in ERC20 smart contracts, we initiated an internal inspection. All deposits and transfers on ERC20 tokens will be getting online in accordance with the results of the inspection. Please refer to the System Health page for online status.
— HitBTC (@hitbtc) April 25, 2018
On 23rd April, a Medium user, Ranimes, published a blog post titled “New batchOverflow Bug in Multiple ERC20 Smart Contracts.” The post detailed how “a previously unknown vulnerability in the contract” made it possible for “an attacker to possess a huge amount of tokens by exploiting these vulnerable contracts.”
The post added that, due to the “code-is-law” principle that applies on the Ethereum blockchain, “there is no traditional well-known security response mechanism in place to remedy these vulnerable contracts.”
Ranimes noted that developers who work with the vulnerable contract have been contacted; however, “other exchanges also need to be coordinated and there still exist other tradable tokens vulnerable to batchOverflow.” The post also mentioned that non-centralized crypto exchanges that offer offline trading services could face another problem “as they cannot even stop attackers from laundering their tokens.”
John Huxtable, another Medium user, wrote in a blog post that he believes “it’s worth noting that batchTransfer isn’t a standard ERC-20 function so only the contract owners which chose to implement it could be affected.”
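Because batchTransfer is not part of the ERC-20 standard, a first triage pass over listed tokens can simply look for it in each contract's published ABI. The sketch below is an added example, not code from the article or from any exchange; the sample ABIs are constructed, and a flagged token still needs manual review of its arithmetic.

```python
import json

# Functions defined by the ERC-20 standard, including the optional
# metadata getters (name, symbol, decimals).
ERC20_STANDARD = {
    "totalSupply", "balanceOf", "transfer", "transferFrom",
    "approve", "allowance", "name", "symbol", "decimals",
}

def is_state_changing(entry):
    """True if an ABI function entry can modify contract state."""
    # Newer compilers emit "stateMutability"; older ones only "constant".
    if "stateMutability" in entry:
        return entry["stateMutability"] not in ("view", "pure")
    return not entry.get("constant", False)

def triage_abi(abi_json):
    """Return non-standard, state-changing functions as sorted signatures."""
    flagged = []
    for entry in json.loads(abi_json):
        # "type" may be omitted in an ABI entry and then means "function".
        if entry.get("type", "function") != "function":
            continue
        if entry["name"] in ERC20_STANDARD or not is_state_changing(entry):
            continue
        args = ",".join(i["type"] for i in entry.get("inputs", []))
        flagged.append(f'{entry["name"]}({args})')
    return sorted(flagged)

def needs_review(abi_json):
    """Tokens that expose a batchTransfer function go to manual review."""
    return any(s.startswith("batchTransfer(") for s in triage_abi(abi_json))

# Constructed sample ABIs (not taken from any real token).
_PLAIN = [
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable",
     "inputs": [{"type": "address"}, {"type": "uint256"}]},
    {"type": "function", "name": "balanceOf", "stateMutability": "view",
     "inputs": [{"type": "address"}]},
    {"type": "event", "name": "Transfer", "inputs": []},
]
_BATCH = _PLAIN + [
    {"name": "batchTransfer", "constant": False,  # old-style ABI entry
     "inputs": [{"type": "address[]"}, {"type": "uint256"}]},
]
PLAIN_ABI = json.dumps(_PLAIN)
BATCH_ABI = json.dumps(_BATCH)
```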
The present problem with some ERC-20 tokens comes just after MyEtherWallet announced yesterday that about $150k worth of Ether was stolen in a DNS hack.