Vulnerability in Coinbase Smart Contract Allowed Ethereum to Be Credited Infinitely

[Brother]

At the end of February 2018, a consolidated group of experts warned that more than 34,000 Ethereum smart contracts have potential problems and vulnerabilities that contract owners are not even aware of.

This week, the experts found new confirmation: it became known about a bug in the Ethereum smart contract, owned by the major cryptocurrency exchange Coinbase.

The problem was discovered back in December 2017 by specialists from the Dutch firm VI Company. Now that the vulnerability has been fixed, and the company has received a $ 10,000 award and a green light for data disclosure, the researchers have posted a detailed blog post about their discovery.

Experts write that a bug in a smart contract, which was used to distribute funds between several wallets, allowed users to credit an unlimited amount of Ethereum cryptocurrency to their balance on the exchange.

“If one of the smart contract transactions fails, all transactions before it must be canceled. But on Coinbase, such transactions were not canceled, which means that a person could add as much Ethereum to his balance as he wanted, ”VI Company experts explain.

Although the problem was discovered back on December 27, 2020, the vulnerability was finally fixed only on January 26, 2018. In their report, VI Company specialists emphasize that the analysis of the problem showed that no one had time to exploit the vulnerability.