the Level-K staff discovered a vulnerability in GasToken, with the attacker, the Token of exchange mines. The Team has been in collaboration with IC3-researchers a quick and responsible communication is the weak point.
By Michele Troccolo
24. November 2018 share Facebook Twitter LinkedIn xing mail
On the 21. November Level K, a on the development of Smart Contracts-specialized companies, a weak point in the GasToken open. Attackers can exploit these by matching exchanges, mines GasToken. The Team has set itself directly with the initiators of GasToken to prevent an Exploit. So far there are no reports of that malicious actors have exploited the vulnerability.
How does it work?
The GasToken is a Ethereum Token that is part of the IC3 Initiative. It is a consortium of researchers from various universities that are working on solutions, with the help of crypto-currencies and Smart Contracts to the requirements of the industry. The GasToken to solve the Problem that the Gas costs incurred for the execution of Smart Contracts, are hard to predict. The solution: a special Ethereum-function use, namely the storage refund. This rewards a Smart Contract with a Gas refund, if unnecessary storage variables are deleted and therefore less space on the Blockchain is consumed.
Potential attacker would have to be gemint can use the from the researchers discovered vulnerability to, among other things, to Ethereum is a Contract to pay, with the special function GasToken. This basically affects all exchanges, to initiate self-Ethereum transactions and no Gas-Limit for transactions.
Model disclosure
The weak point was at 30. October of Level-K staff discovered and a real exchange to be tested. According to a further, successful attempt was made on December 2. November, the IC3 Initiative, contacted to work together on a responsible announcement of the vulnerability. According to his own statements even the Ethereum-veterans Vitalik Buterin, and Hudson Jameson have been notified and asked for help. After the Team was then busy for about a week, the contact details for safety of the major stock exchanges were instructed to collect, was the weak spot at 12. November in a small circle announced. Of the broad masses was only at 21. November of the vulnerability reports, so no stock should be more vulnerable.