Audit Gives Binance-Listed ERC20 Tokens Clean Bill of Health from ‘batchOverflow’ Bug
Smart contract security firm Quantstamp has given Binance-listed ERC20 tokens a clean bill of health after conducting an audit to determine whether any of the exchange’s listed assets were subject to the recently-discovered batchOverflow and proxyOverflow vulnerabilities.
Quantstam released its audit report in late April, confirming that no ERC20 token currently listed on Binance — the world’s largest cryptocurrency exchange — is subject to the vulnerabilities, which allow attackers to essentially print tokens out of thin air.
“Quantstamp shares Binance’s safety-first philosophy in protecting their customers and supports the exchange’s ambitions to create the gold standard in security for the mass adoption of digital currencies, said Richard Ma, CEO of Quantstamp. “In light of the recent vulnerabilities, we are proud to have assisted Binance in its mission to help protect their token holders and the wider Ethereum community.”
As CCN.com reported, the vulnerability is believed by researchers to affect about a dozen tokens, whose developers utilized a function — batchTransfer — that was not included in the ERC20 token standard.
Attackers were able to exploit the function with a type of integer overflow error, which essentially means that they attempted to store more data in a variable than its data type would allow. Since the contracts did not have a provision to prevent this occurrence, the attackers successfully created an additional supply of tokens far in excess of the token’s original supply.
At least several of these tokens were listed on high-profile cryptocurrency exchanges, so these trading platforms were forced to suspend deposits — OKEx even went so far as to temporarily suspend all ERC20 token deposits while it investigated the issue — and in some cases roll back trades.
Quantstamp said that it has contacted all affected tokens and has offered to assist with addressing the issue at cost.
“We won’t be making a profit from our effort to make the Ethereum ecosystem more secure,” the company said.
