Binance, the world’s largest cryptocurrency exchange, has, however, ensured that none of the ERC20 tokens listed on its platform suffer from these vulnerabilities.
The exchange delegated the task to Quantstamp, a smart contract security audit firm, which confirmed that none of the tokens on its platform featured these bugs.
The two bugs, batchOverflow and proxyOverflow, result in integer overflow, a common computing issue that occurs when a value is too large for the space in memory allotted to its integer data type.
For the ERC-20 tokens, this allows creation of additional supply of tokens that do not actually exist within the system.
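As an added illustration (not code from the article, from Quantstamp, or from any of the named tokens), the following Python model shows how an unchecked 256-bit multiplication in a batch transfer can defeat a balance check and inflate supply, next to a checked version that rejects the call. The batch-transfer shape, the function names and the account names are assumptions made for the example.

```python
# Added illustration: models EVM-style uint256 arithmetic in Python.
# All function and account names here are hypothetical.
UINT256_MAX = 2**256 - 1

class Overflow(Exception):
    pass

def mul_unchecked(a, b):
    """uint256 multiply that silently wraps modulo 2**256."""
    return (a * b) & UINT256_MAX

def mul_checked(a, b):
    """Checked multiply: reject any product that does not fit in uint256."""
    product = a * b
    if product > UINT256_MAX:
        raise Overflow("product exceeds uint256")
    return product

def batch_transfer(balances, sender, recipients, value, mul):
    """Debit the sender once for the total, then credit `value` to each recipient."""
    total = mul(len(recipients), value)
    if balances.get(sender, 0) < total:
        raise ValueError("insufficient balance")
    balances[sender] = balances.get(sender, 0) - total
    for r in recipients:
        balances[r] = balances.get(r, 0) + value
    return total

def total_supply(balances):
    return sum(balances.values())

def demo():
    # Constructed sample state: a single holder with 100 tokens.
    value = 2**255  # constructed so that 2 * value == 2**256, which wraps to 0
    weak = {"alice": 100}
    debited = batch_transfer(weak, "alice", ["bob", "carol"], value, mul_unchecked)
    hardened = {"alice": 100}
    try:
        batch_transfer(hardened, "alice", ["bob", "carol"], value, mul_checked)
        rejected = False
    except Overflow:
        rejected = True
    return debited, total_supply(weak), rejected, total_supply(hardened)

if __name__ == "__main__":
    print(demo())
```

In the unchecked path the computed total wraps to zero, so the balance check passes and the ledger ends up holding tokens that were never issued; the checked path leaves the balances untouched.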
The PeckShield research had discovered that at least ten coins were exposed to the bugs. They included: BEC, MESH, SMT, UGToken, SMART, MTC, FirstCoin, GG Token, CNY Token, and CNYTokenPlus.
Quantstamp has stated that these vulnerabilities are not a flaw within the ERC20 standard itself. They are just instances of poor code in the smart contracts of the particular tokens.
“Not all ERC20 tokens are affected,” the audit firm has clarified.
After the Quantstamp audit of Binance, it is at least clear that none of the tokens listed there have these vulnerabilities.
Quantstamp recommends that tokens have their smart contracts audited before they go live rather than later, which leaves them vulnerable to hacking and other scams.
Original URL: https://thenextweb.com/hardfork/2018/04/30/erc20-tokens-bugs-binance-quantstamp/