9 Nov in Twitter account Netta Lab there was a statement that the organization has discovered a vulnerability in virtual machine Ethereum, which allows you to endlessly execute smart contracts, not paying for gas on the network. The researchers also allegedly asked the operator of the us vulnerability database, where he registered a corresponding opening.
Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The vulnerability can cause smart contracts can be executed indefinitely without gas being paied.
— Netta Lab (@NettaLab) November 9, 2018.
On request Netta Lab in Google you can find the project website netto.io, which specializiruetsya on the smart audit-contracts under the brand Netta Lab, however, the Twitter accounts of the projects are not the same. Note that the reported vulnerability profile was in November.
Many users expressed doubts about the authenticity of the information, but then the Creator of the project NEO Yes Hongwei said that communicated with the CEO Netta Labs and asked the researchers to conduct an audit of the virtual machine NEO.
Talked Briefly with the CEO regarding the security issue. It seems quite serious. I am asking the team to check NeoVM also. https://t.co/2Vk9gUZn1S
— Da Hongfei (@dahongfei) November 9, 2018.
“I spoke briefly with the head [Netta Labs]. The vulnerability looks pretty serious,” — he stressed.
However acne Buterin on Reddit wrote that we are talking about the vulnerability in the Python implementation of the virtual machine, which first wrote on GitHub 9 days ago. This means that major customers (go-ethereum; parity and cpp-ethereum) is not a problem.
Let us add that on Friday evening, a bitcoin developer Matt Odell also reported on the potential vulnerabilities in the Protocol, Ethereum, which puts at risk the funds to cryptocurrency exchanges.
Ethereum Potential vulnerability. No details publicly released yet. https://t.co/M6DtfJC0mt
— Matt Odell (@matt_odell) November 9, 2018.
First on the risks to infrastructure some platforms, said dApp-developer Level K, but the details were not disclosed.
We will shortly disclose a security issue that could potentially cause a loss exchanges of funds. In order to receive advance notice prior to disclosure, please add your name to the following list via pull request, or by DM’ing @trailofbits or @levelk_io: https://t.co/2Y5niurffl
— Level K (@levelk_io) November 9, 2018.
Recall hardwork Constantinople in the main Ethereum expected to take place on 16 January 2019.
Subscribe to the news Forklog in Facebook!
Source
