At the beginning of the month it became known that the majority of smart contracts on Ethereum use potentially vulnerable code. Level K, a company that develops solutions in the Ethereum ecosystem, has published details of the vulnerability. According to the company, transactions with users may be charged additional fees.
“When ETH is sent to an address, this address can perform arbitrary computation, which is paid for by the initiator of the transaction. This feature is called the vector of sabotage. However, in some cases at-risk systems, such as cryptocurrency exchanges, did not implement the necessary precautions,” said the programmer.
The Gas token on the Ethereum blockchain uses a reimbursement mechanism that allows users to save tokens when their price is low and receive a token when prices are high. By generating large volumes of Gas tokens upon receipt of Ethereum, users can use the so-called “vector” for their own enrichment.
“Since it was not previously known which exchanges had implemented the necessary precautions and which had not, we privately disclosed information about it to the largest possible number of exchanges, which are now not at risk. As far as we know, all exchanges that had the vulnerability and received our notice have fixed it,” adds the company.
The vulnerability was also inherited by forks of Ethereum, including Ethereum Classic and POA Network.
To prevent attacks, ecosystem participants are encouraged to set a “reasonable” gas limit and shift costs to users if they need to carry out costly computations.
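One way to apply this advice in an exchange's withdrawal path, as an added example that is not code from Level K or from this article: the sender fixes the gas limit itself, and any gas a user requests above a plain transfer is deducted from that user's withdrawal. The function name, the 100,000 gas ceiling and the sample address are assumptions made for illustration.

```javascript
// Added example: gas policy for outgoing ETH withdrawals (hypothetical names and limits).
// All amounts are wei, held as BigInt to avoid floating-point rounding.
const PLAIN_TRANSFER_GAS = 21000n; // intrinsic gas of a simple ETH transfer
const MAX_USER_GAS = 100000n;      // assumed policy ceiling for opt-in contract recipients

function buildWithdrawal({ to, amountWei, gasPriceWei, requestedGas }) {
  // Default: pay for a plain transfer only, so code at the recipient
  // address gets no gas to run at the sender's expense.
  const gas = requestedGas === undefined ? PLAIN_TRANSFER_GAS : BigInt(requestedGas);
  if (gas < PLAIN_TRANSFER_GAS) throw new RangeError("gas below cost of a plain transfer");
  if (gas > MAX_USER_GAS) throw new RangeError("requested gas exceeds policy ceiling");

  // Gas above the plain-transfer allowance is charged to the user who asked for it.
  const userFeeWei = (gas - PLAIN_TRANSFER_GAS) * gasPriceWei;
  if (userFeeWei >= amountWei) throw new RangeError("fee would consume the withdrawal");

  return {
    tx: { to, value: amountWei - userFeeWei, gas, gasPrice: gasPriceWei },
    userFeeWei,
    // Worst case the sender pays, whatever the recipient address executes.
    exchangeMaxCostWei: PLAIN_TRANSFER_GAS * gasPriceWei,
  };
}

// Constructed sample input: 1 ETH withdrawal at a gas price of 20 gwei.
const sample = {
  to: "0x0000000000000000000000000000000000000001", // constructed placeholder address
  amountWei: 10n ** 18n,
  gasPriceWei: 20n * 10n ** 9n,
};
console.log(buildWithdrawal(sample));                            // plain transfer, no user fee
console.log(buildWithdrawal({ ...sample, requestedGas: 60000 })); // user pays for 39,000 extra gas
```

With the explicit limit in place, the sender's exposure per withdrawal is bounded by `exchangeMaxCostWei` instead of by whatever computation the recipient address performs.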