A number of university researchers published a study that demystifies the “fake deposit vulnerability” in Ethereum-based smart contracts. The findings show that over 7,000 tokens worth more than $1 billion built on top of Ethereum are vulnerable to two types of attacks that exploit smart contracts.
Researchers from the University of Queensland, Beijing University of Posts and Telecommunications, Zhejiang University, and Peking University have published a paper that describes a vulnerability held by over 7,000 Ethereum-based tokens.
Essentially, the tokens created have verification methods that are subpar to ERC20 contracts released after 2017. The vulnerability allows the token’s codebase to be manipulated and hackers can easily steal millions of dollars by executing the “fake deposit vulnerability.”
What is worse is that there are more than 25 million smart contracts built using the Ethereum network and the researchers say only “0.36% of them have released their source code according to our dataset.”
Moreover, the paper discusses that the tokens are vulnerable on both decentralized exchanges (dex) and centralized exchanges (cex) because they allow these coins to be swapped “without comprehensive verification.”
The team of researchers leveraged a tool called “Deposafe,” which allows the testing of a large number of ETH-based smart contracts.
Read More: Click Here