March 21, at the exchange Coinbase was discovered a fault in processing of incoming transactions in the ETH, which allowed users to manipulate the status of their accounts. The researchers found that using a smart contract, any user could add as many broadcasts to your balance. Despite the fact that the bug was only discovered a few days ago, reported that it existed from December of last year. Coinbase paid a fee of 10 000 dollars research company Vicompany that detected the error.
«The researchers noticed a problem with our code ETH reception you receive from the contract. This error was allowed to ETH on Coinbase, even if the execution of the main contract could not be», — reads the statement of the platform. «The problem was resolved by changing the processing logic of the contract. Analysis of the problem indicated only for accidental loss to Coinbase and lack of tampering error».
According to Vicompany, the scammer was able to manipulate its balance of air, using a smart contract for the distribution of the esters over a set of wallets. Vicompany explains that, if one of the inner transactions fails, all previous transactions will be cancelled. However, the interface Coinbase transaction is not overturned. The researchers note:
«On Coinbase such transactions will not be cancelled, this means that someone can add as much air to your balance, how much you want to.»
Coinbase is not the only exchange that is suffering from bug that allows users to manipulate the balance sheets. In February of this year, the failure of the Japanese stock exchange Zaif allowed
traders are free to buy bitcoins. A month before the incident at Overstock failed
API that led to the fact that the company would accept payment for goods in BCH instead of BTC.