Ethereum Smart contract and dApp developer Level K has uncovered the existence of a vulnerability within the Ethereum framework that potentially allows bad actors to mint large amounts of GasToken when receiving ETH.
In a blogpost published on November 21, the company revealed that the weakness has been flagged to most at-risk exchanges who have since effected software patches to contain the threat.
Potential GasToken Security Weakness
The vulnerability arises when ETH is sent to an address, which is then able to carry out arbitrary computations that the transaction originator pays for, which comes with a risk of ‘griefing’ – an action by a bad-faith actor designed to cause damage to network users. In theory, an attacker would be able to make a transaction originator such as an exchange pay for an arbitrary amount of computation if the exchange has no protections like gas limits in place.. READ MORE