Team blockchain platform NEO confirmed the opinion of the company Red4Sec that has discovered a vulnerability in the code some smart-contracts on the basis of which work of cryptocurrency tokens standard NEP-5.
A Statement on Storage Injection Vulnerability. https://t.co/CksTyaxn3I
— NEO Smart Economy (@NEO_Blockchain) 18 may 2018
“The vulnerability exists in the code of smart contracts some decentralized applications (dApps). The blockchain NEO it has no effect”, — stated in the message of the developers.
At the same time confirmed that several tokens of the standard NEP-5 were vulnerable. So, changing the parameter inside the totalSupply of the contract, the attacker is able to burn a certain number of tokens or to increase the displayed number.
However, stresses team NEO, the parameter totalSupply is responsible only for the displayed number of tokens in circulation, and the change in the real volume of supply, he has nothing
Thus, this vulnerability has a limited degree of risk, and the cost of the attack due to its application will be very high.
It is also reported that, despite the fact that some projects still haven’t fixed the vulnerability in their contracts that their users are not at any risk. The names of the projects that are at potential risk, team NEO, but no calls.
One of the tokens of the standard NEP-5 is a Trinity Token (TNC). In March, razrabotciki Trinity Protocol announced the launch of crosscanada Converter that will allow TNC to exist in two blockchains: NEO and Ethereum.