Multiple exchanges have now halted trading for a number of ERC20 tokens due to a newly discovered smart contract bug called Batchoverflow. Batchoverflow is an exploit discovered where a public function called “batch” can be maliciously used to create additional tokens on some ERC20 token contracts. A hacker recently attacked two specific ICO contracts using this approach, minting billions of unplanned ICO tokens, then attempted to transfer them to an exchange to sell them off. One such token, BeautyChain (BEC) was among the first to fall victim on Sunday when attackers generated 10^58 (that’s a one with 58 zeros after it) BEC tokens, resulting in a loss of ¥6,447,277,680.
The security researchers who first discovered and named Batchoverflow have listed a number of challenges encountered with reporting and resolution of this issue.
To understand the new challenges presented by smart contract bugs, we should first explain how security researchers generally report software exploits they discover: A researcher who discovers an exploit normally will first quietly report the issue to the company who owns and maintains the vulnerable system. The researcher will also give a time window which the company can use to fix the issue before the general public is made aware that the issue exists. The reason for this is that if the researcher immediately announces the flaw, there will be time for hackers to use the published exploit before the company can reasonably take measures to mitigate or resolve the issue.
Smart contracts present a unique challenge for security research disclosure windows because smart contracts are immutable and cannot be changed. Thus, giving notice to a smart contract creator will not enable them to patch their system since the smart contract cannot be patched at all, no matter the timeline. If and when a company is made aware that their smart contract is flawed, they may need to turn to exchanges to halt trading simply because they have no method of fixing the issue at all. Secondly, at some point the company must decide when to notify users that the smart contract is flawed, but doing so will guarantee the contract will be exploited by a multitude of hackers.
Sagewise presents a simple solution to remedy the problems presented by the immutable nature of smart contracts. Contract creators can wrap their contract using the Sagewise SDK allowing additional functionality when they need it most. In the case of Batchoverflow, over a dozen smart contracts are vulnerable. If these contracts had implemented the Sagewise SDK, contract participants could have frozen the contract as soon as they became aware of the exploit. For most of the impacted contracts, this would have meant freezing the contract prior to any exploit occurring, thus removing any chance that the contract could be exploited. The timing would also be much more favorable as the contract could be frozen quickly before the exploit was publicly disclosed leaving no time for a bad actor to exploit the contract after the announcement.