Otto
Advanced
- Joined
- 22.09.20
- Messages
- 107
- Reaction score
- 377
- Points
- 63
Portal specialists CyberNews.com we analyzed Ethereum smart contracts (in fact, the code that helps online services send and receive payments) and found that almost 3.8 thousand smart contracts are subject to serious vulnerabilities that allow hackers to quickly steal $1 million.
During the study, experts scanned blocks in the Ethereum blockchain for 6 months and identified 13 vulnerabilities of various types in 3779 of them, including four high-risk vulnerabilities. The total cost of vulnerable smart contracts was 2088 ETH (about $964.2 thousand).
One of the four high – risk vulnerabilities is the integer underflow vulnerability. With it, an attacker without funds in the account can send a single token and receive billions of tokens in response. The second vulnerability of integer overflow is that when the balance reaches the maximum value and the attacker gets one token, everything starts over.
The third vulnerability is unprotected removal of "ethers". Due to an inadequate access control mechanism, anyone can withdraw funds from the contract.
The fourth vulnerability is unprotected self-destruction, which allows an outsider to "kill" the contract and send funds to any address. If you do not go into technical details, the vulnerabilities described above allow you to manipulate the code and steal the maximum possible amount in a short period of time.
Vulnerabilities can certainly affect many users, depending on whether they hold an Ethereum-based cryptocurrency or tokens on an online platform that stores money. These include online casinos that work with cryptocurrency, credit services, Ethereum banks, and other services where users can store their coins or tokens. If an attacker creates a malicious smart contract and attacks these sites, users risk losing money.
Fortunately for users, it is easy to check whether the platforms they work with use vulnerable smart contracts. In order to find out whether smart contracts have been verified and confirmed, you need to use Etherscan or another similar Explorer. If smart contracts have not been verified and confirmed, it is better to refuse to use such a platform.
During the study, experts scanned blocks in the Ethereum blockchain for 6 months and identified 13 vulnerabilities of various types in 3779 of them, including four high-risk vulnerabilities. The total cost of vulnerable smart contracts was 2088 ETH (about $964.2 thousand).
One of the four high – risk vulnerabilities is the integer underflow vulnerability. With it, an attacker without funds in the account can send a single token and receive billions of tokens in response. The second vulnerability of integer overflow is that when the balance reaches the maximum value and the attacker gets one token, everything starts over.
The third vulnerability is unprotected removal of "ethers". Due to an inadequate access control mechanism, anyone can withdraw funds from the contract.
The fourth vulnerability is unprotected self-destruction, which allows an outsider to "kill" the contract and send funds to any address. If you do not go into technical details, the vulnerabilities described above allow you to manipulate the code and steal the maximum possible amount in a short period of time.
Vulnerabilities can certainly affect many users, depending on whether they hold an Ethereum-based cryptocurrency or tokens on an online platform that stores money. These include online casinos that work with cryptocurrency, credit services, Ethereum banks, and other services where users can store their coins or tokens. If an attacker creates a malicious smart contract and attacks these sites, users risk losing money.
Fortunately for users, it is easy to check whether the platforms they work with use vulnerable smart contracts. In order to find out whether smart contracts have been verified and confirmed, you need to use Etherscan or another similar Explorer. If smart contracts have not been verified and confirmed, it is better to refuse to use such a platform.