Ethereum – CVE-2018-10468

As far as I remember, the goal of bitcoin technology aim to replace the traditional payment. In additional, the slogan of bitcoin is that it can provides a more secure way to send the money and it is hard to counterfeit.  We heard cyber security incidents happened in bitcoin industry frequently last year.  Ethereum , a most relieable and popular crypto currency in the bitcoin industy.  A vulnerability found in Ethereum that it give a way to hacker do the re-engineering. Hacker is able to transform the transfer function ( transferFrom()). Detail shown as below:

The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims’ balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the “transferFlaw” issue.

For more details, please refer below url for reference.

https://peckshield.com/2018/04/28/transferFlaw/