Coinbase, the United States’ largest cryptocurrency exchange, experienced a bug in its ethereum smart contract that would’ve permitted users to manipulate their account balances, seemingly infinitely. The flaw was discovered by Dutch firm VI Company, who was rewarded with a bounty of $10,000 USD by Coinbase.
Coinbase Pays $10k for the Help
According to VI Company findings, the flaw would’ve allowed anyone to nefariously send themselves ether at command. The good news is the glitch flew under the radar and was never made public until it was resolved.
On December 27th, 2017, VI Company reported the bug to Coinbase and the issue was fixed within four weeks. A reward of $10,000 was supplied for the find.
The firm’s disclosure report explained that the vulnerability involved “using a smart contract to distribute ether over a set of wallets [… to] manipulate the account balance of your Coinbase account.”
Over the past few months, San Francisco-based cryptocurrency exchange Coinbase has been suffering from a string of issues surfacing one after another. Recently, two class action lawsuits were filed against the Coinbase, one for insider trading while launching bitcoin cash support and the other for holding “unclaimed digital assets.”
At the same time, the U.S. exchange has also launched its own index fund, a community-building team, two major deals in the U.K., and SegWit support.
ETH for the Pickings?
In their vulnerability report, VI Company compellingly explains:
“If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want.”
Accordingly, anyone with the requisite technical knowledge could have exploited the glitch and rewarded themselves with a massive sum of ether.
The crypto market is still new compared to traditional markets, which face major failures themselves, so there is still a long way to go for players like Coinbase and the like. Blockchain technology is tamper-proof, but the sedimentary supporting businesses around it still are vulnerable and imperfect.
Are such glitches discouraging investors from entering the crypto market? Let us know your views in the comments section.
Source: Read Full Article