lobimobility.blogg.se

Broken token

A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected

- This repo is aimed to notify the community of development security by collecting reported smart contract issues.
- This repo collects all info from public resources and part of analysis is generated by script along with manual checking.
- This repo might not be perfectly accurate, please contact us or submit a pull request when you find something wrong.
- This repo might have duplicate names with popular projects, please do not read too much into this.
- This repo includes some Token contracts without vulnerabilities, while they fail to satisfy specifications.
- This repo has a few problematic Token contracts that have already been fixed properly.

- Visit bad_ for a summary of all Token contracts affected.
- Visit bad_ for a summary of top ranking Token contracts affected.
- Visit ERC20_token_issue_list.md for a detailed description of all bugs and Token contracts affected.
- Visit 'How to contribute' if you find a mistake or anything missed in this repo.

- Add info of totalSupply, decimals, exchanges into Token lists.

- ATN, a15-custom-fallback-bypass-ds-auth
- MORPH, a14-constructor-case-insensitive
- PKT, a8-excess-mint-token-by-overflow

ERC20 standard is one of the most popular Ethereum token standards. As of June 26th, 2018, more than 95,000 ERC20 token smart contracts have been deployed according to statistics from Etherscan. Here is a daily trend chart of ERC20 contracts created according to our statistics:

ERC20 Token specification has gone through challenges and improvements during its growth. Lots of critical security issues have been revealed, some of which have led to severe financial losses for developers, investors, and even the Ethereum community as a whole.

On June 18th, 2016, the DAO hack caused a total loss of over 3,600,000 ethers (ETH) worth over a billion dollars, and the Ethereum hard-fork afterwards led to the Ethereum community breaking apart.

On April 22nd, 2018, the attack on the BeautyChain (BEC) contract drove the token price nearly to zero by pouring an astronomical number of tokens into exchanges through an integer overflow. At least 10 other contracts contain this problem.

On April 25th, 2018, a similar integer overflow was uncovered in SMT. Hackers minted and dumped a tremendous amount of tokens, resulting in SMT's collapse. At least one other contract contains this problem.

On May 20th, 2018, a critical logical flaw was found in EDU along with three other Token contracts (CVE-2018-11397, CVE-2018-11398), allowing users' balances to be transferred out arbitrarily. After further analysis, we caught this bug in at least 81 contracts.

We have revealed more than 800 contracts with the same problem after scanning over 20,000 contracts deployed on Etherscan.

Failure of Satisfying Specification in Many ERC20 contracts

Lots of ERC20 token contracts do not follow the ERC20 standard strictly, which is troublesome to developers of DApps on ERC20 tokens.

Thousands of deployed Token contracts referred to incorrect example code on the Ethereum official website and OpenZeppelin, resulting in several functions failing to meet the ERC20 standard. After upgrading the Solidity compiler to 0.4.22, incompatibilities would arise and these contracts could not perform normal transactions on decentralized exchanges (DEX) or DApps in most cases, whereas a majority of DApp development teams were caught off guard and unaware of such a problem.

Several Token contracts added redundant checks in the standard approve(), requiring that the approved _amount be smaller than or equal to the current balance.
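
The redundant approve() check mentioned on this page, set beside the standard behaviour, as an added example (not code from the repo or from any affected token). The contract name AllowanceDemo and the function name approveWithRedundantCheck are hypothetical, and the code targets Solidity 0.8 rather than the 0.4.x compilers the page refers to.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract and function names are hypothetical.
contract AllowanceDemo {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed owner, address indexed spender, uint256 value);
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    // Non-standard pattern: approve() rejects any allowance above the
    // caller's current balance. ERC20 defines no such precondition, so a
    // caller that approves before funding the account, or approves a large
    // standing allowance, gets a revert instead of `true`.
    function approveWithRedundantCheck(address spender, uint256 amount) external returns (bool) {
        require(amount <= balanceOf[msg.sender], "allowance exceeds balance");
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Standard behaviour: approve() only records the allowance.
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Balance and allowance are both enforced at spend time, which is why
    // the extra check in approve() adds no protection.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(balanceOf[from] >= amount, "insufficient balance");
        require(allowance[from][msg.sender] >= amount, "insufficient allowance");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
        return true;
    }
}
```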









