Analysts of the Dutch FINTECH company VI Company found in a smart contract cryptocurrency exchanges Coinbase vulnerability, which gave users the ability to manipulate the balance, remitting to him an unlimited number of tokens, Ethereum.
As it became known, the information was transferred to Coinbase in December 2017, and in January, the exchange has eliminated the vulnerability and paid for her discovery of $10,000.
“Using a smart contract for the transfer Еther on a few purses, you can manipulate the balance on your account at Coinbase.
If one of the internal transactions within a smart contract cannot be performed, the preceding transactions are reversed. But these transactions are not cancelled for Coinbase, so someone may have on its balance sheet indefinitely Еther.
After such transaction at Coinbase crypto tools are not visible, but they appear in the purse”, — explained in the VI Company and provided step by step instructions on how to exploit the vulnerability.
Recall that recently the developers Coinbase fixed a bug in the system a payment gateway where users have lost their funds in bitcoin.
Earlier it was reported that out of nearly one million smart contracts on Ethereum in 34200 discovered critical vulnerabilities. Such data was published in the large-scale study “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale,” conducted by five specialists from the National University of Singapore (NUS), College of Yale-NUS and University College London.
Source
