Security experts release disclosure for an Ethereum vulnerability that enables attackers to potentially force exchanges to pay large gas fees
November 21, 2018, 4:20PM EST
Security experts from Level K, Trail of Bits, and IC3 disclosed a vulnerability in GasToken that enables an attacker to potentially force an exchange to pay large gas fees for initiating Ethereum transactions. Additionally, attackers can use this exploit to mint GasToken.
GasToken allows users to tokenize gas on the Ethereum network, storing gas when it is cheap and using gas when it is expensive. Every transaction on the Ethereum network must include gas fees (ether) to pay miners for executing the transaction. Because many exchanges allow for the withdrawal of ether with no gas usage limits, an attacker can exploit the vulnerability against a GasToken-supporting exchange, forcing the exchange to overpay gas for transactions and potentially draining its ether wallets.
Prior to publicly disclosing this vulnerability, Level K, Trail of Bits, and IC3 reached out to vulnerable exchanges, recommending they set gas limits for all Ethereum-based transactions. All affected exchanges that have received the disclosure appear to have patched the vulnerability. (Source: Failure to set gasLimit appropriately enables abuse)
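The recommendation above, setting a gas limit on every withdrawal, shown as an added example that is not code from Level K, Trail of Bits, IC3 or any exchange. It compares the fee exposure of a gas limit that follows the recipient-influenced estimate with a fixed cap; the 21,000 figure is the intrinsic gas cost of a plain ether transfer, while the hold-for-review policy, function names, placeholder addresses and sample batch are assumptions.

```python
from dataclasses import dataclass

WEI_PER_GWEI = 10**9
PLAIN_TRANSFER_GAS = 21_000  # intrinsic gas cost of a plain ether transfer


@dataclass(frozen=True)
class Withdrawal:
    to: str             # recipient address (placeholders in the sample below)
    value_wei: int
    estimated_gas: int  # node's gas estimate; recipient code can inflate it


def fee_wei(gas_limit, gas_price_gwei):
    """Most the sender can be charged: gas limit times gas price."""
    return gas_limit * gas_price_gwei * WEI_PER_GWEI


def naive_exposure_wei(batch, gas_price_gwei):
    """Unsafe pattern: gas limit follows whatever the recipient consumes."""
    return sum(fee_wei(w.estimated_gas, gas_price_gwei) for w in batch)


def plan_withdrawals(batch, gas_price_gwei, cap=PLAIN_TRANSFER_GAS):
    """Capped policy (assumed): fixed gas limit per withdrawal; anything whose
    estimate exceeds the cap is held for review instead of being funded."""
    to_send, held, worst_case_fee = [], [], 0
    for w in batch:
        if w.estimated_gas > cap:
            held.append(w)
            continue
        to_send.append({"to": w.to, "value": w.value_wei, "gas": cap,
                        "gasPrice": gas_price_gwei * WEI_PER_GWEI})
        worst_case_fee += fee_wei(cap, gas_price_gwei)
    return to_send, held, worst_case_fee


# Constructed sample: one ordinary recipient, one whose code burns gas on receipt.
SAMPLE = [
    Withdrawal("0xORDINARY_RECIPIENT_PLACEHOLDER", 10**18, 21_000),
    Withdrawal("0xGAS_HEAVY_RECIPIENT_PLACEHOLDER", 10**16, 4_000_000),
]

if __name__ == "__main__":
    to_send, held, fee = plan_withdrawals(SAMPLE, gas_price_gwei=20)
    print("naive exposure (wei):", naive_exposure_wei(SAMPLE, 20))
    print("capped exposure (wei):", fee, "| held:", [w.to for w in held])
```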