Level K, Ethereum Dapp and Smart Contract development company revealed the security weakness of potential GasToken the Ethereum Framework. The vulnerability comes when ethereum is transferred to an address and then it is able to implement arbitrary computations that the originator of the transaction pays for. The risk of a causing a damage to the network users arises here. To be precise, the attacker is able to make the originator of the transaction (a person or an exchange) pay a random number of figure if there are no protections in place such as gas limits.
Vulnerability in all Ethereum Based Tokens
The following vulnerability is not only in Ethereum but also in all ethereum based tokens (ERC20 and ERC721). The cryptocurrency exchanges that have not made gas limit protection (not setting a gas limit for transactions) shall end up spending a massive amount of figure in terms of gas fee.
Understanding the threat through a hypothetical example:
Supposedly, Mr. A runs a cryptocurrency exchange and Mr. B is the attacker. Mr. B can withdraw funds to an address which he controls through a computationally intensive fallback function. If A has not set up a gas limit on the exchange, the transactional fee is paid through the exchange’s hot wallet. With a number of transactions, Mr. B can pull out a good number of funds from A’s exchange wallet. Also if there is no KYC policy on A’s exchange, then B can create ‘N’ number of accounts on the exchange to avoid the daily withdrawal limit per account. Mr. B can also make profits by minting GasToken in his fallback function and create funds by pulling money out of A’s exchange wallet.
Will the rising vulnerabilities and hacks in the ethereum blockchain, what do you think about the future of Ethereum Dapps? Tell us in the comments section below.
