It has been an interesting week for all ERC20 tokens. Despite their popularity, a fair few tokens were vulnerable to a recently documented exploit. In response, the Binance exchange took matters into its own hands. By partnering with Quantstamp, it conducted a thorough audit of the platform’s listings. No issues were found, although other exchanges may not be so lucky.
PeckShield Discovers ERC20 Exploits
Last week, security firm PeckShield shocked the world by discovering two exploits affecting different ERC20 tokens. These bugs would allow for malicious transactions to take place. As a result, most trading platforms suspended all of these tokens until the matter was resolved. With half a dozen currencies vulnerable, things were not looking all that great.
Binance decided to take matters into its own hands. Unlike other exchanges, the firm decided to get an independent audit of its supported ERC20 tokens. None of the currencies listed on its platform are vulnerable to either exploit, which is a positive development. Quantstamp, the smart contract security audit firm, ensured everything is working as it is supposed to.
The two bugs remain present in the affected tokens. Known as batchOverflow and proxyOverflow, these exploits can inflate the hard-capped supply of affected tokens. It is a very worrisome development and seems to spell the end of the affected tokens. It is important to note this is not due to a flaw in the ERC20 token standard itself. Instead, the smart contracts of the affected tokens are to blame for these issues.
What About Other Exchanges?
Considering that there are hundreds of ERC20 tokens, a lot more research may be needed. Some platforms trade tokens that are currently not listed on the Binance exchange. All of those contracts will need to be vetted to ensure they are safe from bugs. It is up to individual exchanges to ensure that research is taking place behind the scenes.
So far, no other trading platforms have announced any official research in this regard. The fact that Binance did the right thing well ahead of anyone else also speaks volumes. For future ERC20 tokens, getting the smart contract audited before issuing the tokens would be the right course of action. Whether or not projects will take that approach remains to be determined.
For now, Binance users are the only ones who can safely trade ERC20 tokens. The investigated tokens are safe from harm. Everything else is still subject to potential issues until proven otherwise. This is another important step toward ERC20 token maturity. Issues like these are to be expected, but thankfully, the damage has remained rather limited.