The developer of decentralized applications Level K reported vulnerability in the work of smart-contracts based on Ethereum, which potentially allows fraudsters to even receive coming from attacks.
The problem occurs in the process of sending ETH to the address, which is then able to make arbitrary calculations paid at the expense of the transaction initiator. With this vulnerability, an attacker may cause damage to network users and exchanges, in the working smart contracts of which limits or protection against such frauds are not established. Potentially the attacker can not only exhaust the owner’s wallet, but also to make money on it.
The essence of the attack is that the Hacker, who wants to harm the operator, initiates the conclusion to the address controlled by the smart contract. If the operator did not take care of the installation of gas constraints, then it will pay the commission for all transactions from its own wallet. When implementing a certain number of translations, the attacker can completely empty the account of the owner. In the absence of a KYC system, an attacker can circumvent restrictions on withdrawing funds from one account. Hacker can even get to arrive, producing Gastoken and earning on it.
According to the developers, not only ETH operations are subject to risk, but also with all the tokens ERC-721 and ERC-20. The company reported to all exchanges on a potential threat of November 13, and publicly published information on the number 21 so that the operators have managed to make changes.
Recently, Ethereum is experiencing not the best times. The study showed that due to the fall of the course of coins from November of the month of ETH on GPU