Audit Gives Binance-Listed ERC20 Tokens Clean Bill of Health from ‘batchOverflow’ Bug

Smart contract security firm Quantstamp has given Binance-listed ERC20 tokens a clean bill of health after conducting an audit to determine whether any of the exchange’s listed assets were subject to the recently-discovered batchOverflow and proxyOverflow vulnerabilities.

Quantstamp released its audit report in late April, confirming that no ERC20 token currently listed on Binance -- the world’s largest cryptocurrency exchange -- is subject to the vulnerabilities, which allow attackers to essentially print tokens out of thin air.

“Quantstamp shares Binance’s safety-first philosophy in protecting their customers and supports the exchange’s ambitions to create the gold standard in security for the mass adoption of digital currencies,” said Richard Ma, CEO of Quantstamp. “In light of the recent vulnerabilities, we are proud to have assisted Binance in its mission to help protect their token holders and the wider Ethereum community.”

As CCN reported, the vulnerability is believed by researchers to affect about a dozen tokens, whose developers utilized a function -- batchTransfer -- that was not included in the ERC20 token standard.

Attackers were able to exploit the function with a type of integer overflow error, which essentially means that they attempted to store more data in a variable than its data type would allow. Since the contracts did not have a provision to prevent this occurrence, the attackers successfully created an additional supply of tokens far in excess of the token’s original supply.
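
The overflow described above can be modeled as a supply-invariant check. This is an added example, not code from the article, Quantstamp, or any token contract. It assumes the batch function multiplies the recipient count by the per-recipient value before checking the sender's balance; all names and sample values are hypothetical.

```python
UINT256_MAX = 2**256 - 1  # largest value a Solidity uint256 can hold


def u256(x, checked):
    """Fit x into uint256: raise when checked, wrap modulo 2**256 when not."""
    if 0 <= x <= UINT256_MAX:
        return x
    if checked:
        raise OverflowError("uint256 arithmetic overflow")
    return x & UINT256_MAX


def batch_transfer(balances, sender, receivers, value, checked):
    """Hypothetical batch transfer; returns updated balances, input untouched."""
    # Assumed shape: the total debit is computed before the balance check.
    amount = u256(len(receivers) * value, checked)
    if value == 0 or balances.get(sender, 0) < amount:
        raise ValueError("insufficient balance")
    out = dict(balances)
    out[sender] = out.get(sender, 0) - amount
    for r in receivers:
        out[r] = u256(out.get(r, 0) + value, checked)
    return out


def total_supply(balances):
    return sum(balances.values())


def supply_invariant_holds(value, checked):
    """True if a two-recipient batch transfer leaves total supply unchanged."""
    before = {"alice": 100}  # constructed sample ledger
    try:
        after = batch_transfer(before, "alice", ["bob", "carol"], value, checked)
    except (OverflowError, ValueError):
        return True  # transfer rejected, ledger unchanged
    return total_supply(after) == total_supply(before)


if __name__ == "__main__":
    big = 2**255  # constructed value: 2 * big wraps to 0 in uint256
    print("unchecked, small value:", supply_invariant_holds(30, checked=False))
    print("unchecked, large value:", supply_invariant_holds(big, checked=False))
    print("checked, large value:  ", supply_invariant_holds(big, checked=True))
```

With wrapping arithmetic the computed debit becomes 0, so the balance check passes and supply grows; with checked arithmetic the same call is rejected before any balance changes.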

At least several of these tokens were listed on high-profile cryptocurrency exchanges, so these trading platforms were forced to suspend deposits -- OKEx even went so far as to temporarily suspend all ERC20 token deposits while it investigated the issue -- and in some cases roll back trades.

Quantstamp said that it has contacted all affected tokens and has offered to assist with addressing the issue at cost.

“We won’t be making a profit from our effort to make the Ethereum ecosystem more secure,” the company said.

Josiah Wilmoth @Y3llowb1ackbird
