An exploit created thousands of tokens, driving prices down...

Yesterday, two ERC20 tokens, BeautyChain and SmartMesh, fell victim to a vulnerability in their smart contracts:

"These contracts had already been attacked to create huge numbers of tokens out of thin air, and they suffered sharp price drops. The Bitcoin-denominated price of one of these tokens, for instance, fell more than 90% in a single hour, before trading was suspended..." (source)

It is a startlingly common, yet easily preventable bug called "integer overflow" that enables hackers to essentially produce thousands of tokens, quickly sell them on exchanges, and thus destroy the value of the currency due to the sudden influx of token supply. The scary thing is, there are a number of other currencies that currently have the same vulnerability.

Sadly, instructions for avoiding this known bug are available, and following them does not require a great deal of work. This article points out how the exploit works:

"Some Solidity smart contracts are vulnerable to what is known as an integer overflow or underflow. They occur when a variable exceeds the maximum or minimum of the data type it uses. When this happens, the value wraps around the other end of the minimum or maximum range respectively...

Mathematically, this is unintuitive, since the sum of two positive numbers is always greater than the first. Yet, since the value of max is 2^256 - 1, which is the upper limit of the uint data type, the result of x + max wraps around to 0, and becomes 499 instead of 500 + 2^256 - 1.

An integer underflow follows the same principle, but in reverse." (source)

The explanation gets fairly technical, but the important thing is, this problem is preventable with a little bit of homework.
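The wrap-around described in the quote, and the check that prevents it, shown as an added Python example that models unchecked 256-bit unsigned arithmetic. It is not code from either token contract; `ToyToken`, its method names and the account names are hypothetical and constructed for illustration.

```python
UINT256_MAX = 2**256 - 1

def wrap(n):
    """Reduce n modulo 2**256, the way unchecked uint256 arithmetic behaves."""
    return n & UINT256_MAX

def checked_add(a, b):
    """Addition that rejects the operation instead of wrapping."""
    if a + b > UINT256_MAX:
        raise OverflowError("uint256 addition overflow")
    return a + b

def checked_sub(a, b):
    """Subtraction that rejects the operation instead of wrapping."""
    if b > a:
        raise OverflowError("uint256 subtraction underflow")
    return a - b

class ToyToken:
    """Hypothetical in-memory ledger (an assumption for this example)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer_unchecked(self, src, dst, amount):
        remaining = wrap(self.balances.get(src, 0) - amount)
        if remaining < 0:  # vacuous guard: an unsigned value is never negative
            raise ValueError("insufficient balance")
        self.balances[src] = remaining
        self.balances[dst] = wrap(self.balances.get(dst, 0) + amount)

    def transfer_checked(self, src, dst, amount):
        new_src = checked_sub(self.balances.get(src, 0), amount)
        new_dst = checked_add(self.balances.get(dst, 0), amount)
        self.balances[src], self.balances[dst] = new_src, new_dst

    def total(self):
        return sum(self.balances.values())

def demo():
    """Send 11 tokens from a 10-token account through both code paths."""
    vulnerable = ToyToken({"alice": 10, "bob": 0})  # constructed sample data
    vulnerable.transfer_unchecked("alice", "bob", 11)
    hardened = ToyToken({"alice": 10, "bob": 0})
    try:
        hardened.transfer_checked("alice", "bob", 11)
        rejected = False
    except OverflowError:
        rejected = True
    return vulnerable.balances["alice"], vulnerable.total(), rejected, hardened.total()
```

In the unchecked path the sender's balance wraps to the maximum value and the total supply jumps from 10 to more than 2^256, while the checked path raises before any balance changes.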

It seems we may still be a long ways off from truly trustless currency, as a great deal of trust is placed in the capabilities and intentions of developers when investors put their funds into tokens such as these. Unfortunately, it's just not possible for the average person to read through the necessary code to determine the safety and security of a given token. While it's important to recognise we have to do our own research as much as possible, at the end of the day, we might just have to trust developers anyway.

*This is not professional trading advice - it's just my opinion!


source:

https://cryptojobslist.com/blog/two-vulnerable-erc20-contracts-deep-dive-beautychain-smartmesh

image source:

https://medium.com/blockchannel/the-anatomy-of-erc20-c9e5c5ff1d02