Ethereum Smart Contract Bug Discovered, OKEx Halts ERC20 Trades


OKEx, a Hong Kong digital asset exchange, suspended all ERC20 token deposits on April 25 after the discovery of a BatchOverFlow bug in Ethereum smart contracts. According to OKEx, the bug enables hackers to “generate an extremely large amount of tokens, and deposit them into a normal address.” This vulnerability, by extension, would enable malicious parties to manipulate the prices of ERC20 tokens. OKEx will enable ERC20 trading pairs again only after the bug is fixed.

This is not the first time a bug has been discovered, and it will not be the last. Such is the case with any relatively new technology. On April 24, MyEtherWallet’s DNS servers were hijacked, and on April 6, there was a 51% attack on Verge which forced a hard fork. While these attacks were vastly different problems, the potential outcome of crypto holders losing money to bad actors is very much the same.

As part of the debugging process, OKEx states that it has contacted all of the affected token teams for digital assets traded on their exchange. The assumption would be that these teams would take the necessary measures to prevent attacks of this nature.

OKEx is the third-largest digital currency exchange in the world by trade volume, according to CoinMarketCap. The top coins by total volume traded on its platform include EOS, Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Ethereum Classic and Mithril.

In its blog post on this topic, OKEx states that it is interested in protecting the public interest. The company has notified customers who have already made deposit requests that their funds will not be lost and will arrive safely after a solution is found.

Ethereum-based tokens are reported to hold a 91% market share of all crypto-assets traded as of January 12, 2018. Put into perspective, these ERC20 tokens grew from a total market cap of under $4 billion on July 2, 2017, to over $68 billion on January 12, 2018. This is no doubt attributable to the explosion of the ICO market and to most tokens being built on ERC20 rather than on alternatives such as Stellar Lumens and Neo. It is possible that this may change, particularly since no such bugs have been discovered on those alternatives in recent days, as they have been on the ERC20 platform. Their discovery, however, will inform future development of these alternative platforms.

Besides MyEtherWallet, there are a number of off-chain applications designed to work with ERC20 tokens. Some of these include jWallet and Cipher Browser. On-chain dApps include a number of decentralized cryptocurrency exchanges, including EtherDelta and others that are still in development, such as Ethfinex, Radar Relay and The Ocean. Lending dApps include EtherLend and Lendroid.

As demand for ERC20 tokens grows, centralized exchanges like Binance have created processes to fast-track their integration, giving ICOs further incentives to build on ERC20 rather than the other options.

While the bug as reported by OKEx is concerning, the fact is that the Ethereum developer community is among the largest open source communities in the world. We can therefore expect a fast fix that will get OKEx back up and running in this arena. The only question at this point is, why haven’t other exchanges also paused trading ERC20 tokens, and what does that translate to in terms of risk to investors?
