Quantstamp, a smart contract security firm, has audited Binance, the largest crypto exchange in the world, for vulnerabilities to the recently-discovered batchOverflow and proxyOverflow token printing exploits. According to the Quantstamp audit released in April, Binance-listed ERC20 tokens have been given a clean bill of health.
Richard Ma, CEO of Quantstamp, stated:
“Quantstamp shares Binance’s safety-first philosophy in protecting their customers and supports the exchange’s ambitions to create the gold standard in security for the mass adoption of digital currencies. In light of the recent vulnerabilities, we are proud to have assisted Binance in its mission to help protect their token holders and the wider Ethereum community.”
The exploit has affected around a dozen tokens through a function used by developers called batchTransfer, a feature that is not part of the ERC20 token standard. Hackers were able to abuse this function through an integer overflow error, which in essence allowed them to store more information in a variable than its data type would allow. Since the contracts did not contain a security measure to stop this exploit, the hackers were able to create more tokens than the limit originally allotted to the token.
Multiple tokens vulnerable to the exploit were listed on several large cryptocurrency exchanges, causing the platforms to suspend deposits and in some cases roll back trades. Quantstamp has stated that it has made contact with the affected tokens and will offer assistance if requested.
However, the company also stated:
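The overflow described above can be reproduced in a small model, shown with the unchecked arithmetic beside a hardened form. This is an added example, not code from Quantstamp, Binance or any affected token: it simulates the EVM's 256-bit unsigned arithmetic in Python, and the function names, the `count * value` total and the sample balances are assumptions made for illustration.

```python
# Added illustration: a Python model of EVM uint256 arithmetic, not contract code.
UINT256_MOD = 2 ** 256  # EVM words wrap modulo 2**256


def batch_transfer_unchecked(balances, sender, receivers, value):
    """Assumed vulnerable shape: total = count * value with silent wraparound."""
    total = (len(receivers) * value) % UINT256_MOD  # overflow wraps, no error
    if len(receivers) == 0 or value == 0 or balances.get(sender, 0) < total:
        raise ValueError("rejected")
    balances[sender] = balances.get(sender, 0) - total
    for r in receivers:
        balances[r] = (balances.get(r, 0) + value) % UINT256_MOD
    return balances


def batch_transfer_checked(balances, sender, receivers, value):
    """Hardened form: refuse any product that does not fit in uint256."""
    total = len(receivers) * value  # Python ints are exact, so no wraparound
    if total >= UINT256_MOD:
        raise OverflowError("count * value exceeds uint256")
    if len(receivers) == 0 or value == 0 or balances.get(sender, 0) < total:
        raise ValueError("rejected")
    balances[sender] = balances.get(sender, 0) - total
    for r in receivers:
        balances[r] = balances.get(r, 0) + value
    return balances


def supply_conserved(before, after):
    """Invariant a transfer must keep: the sum of balances does not change."""
    return sum(before.values()) == sum(after.values())


def demo():
    # Constructed input: 2 receivers * 2**255 wraps to 0 in uint256.
    start = {"sender": 10}
    wrapped = batch_transfer_unchecked(dict(start), "sender", ["a", "b"], 2 ** 255)
    try:
        batch_transfer_checked(dict(start), "sender", ["a", "b"], 2 ** 255)
        blocked = False
    except OverflowError:
        blocked = True
    return supply_conserved(start, wrapped), blocked
```

The `supply_conserved` check is the kind of invariant an audit or test suite can assert after every transfer path, independent of how the total is computed.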
“We won’t be making a profit from our effort to make the Ethereum ecosystem more secure.”