Slowmist Finds Double Spend Loophole
Scroll DownOn June 28th, 2018, the private cybersecurity firm Slowmist based in China discovered a vulnerability in Tether (USDT) regarding double spending. The company tweeted that they could conduct a transaction without correct field values on an exchange that was not specified. The vulnerability allowed individuals to receive credit for tokens that they didn’t send, resulting in a double spend. After the announcement on Twitter from SlowMist, OmniLayer’s founder, which is where the USDT was created, issued an explanation. The explanation stated that the exchange wasn’t checking for a valid flag with each of the transactions. Transactions were allowed through with a value of false, which shouldn’t have happened, and then the following “double spend” transaction received a value of true, which was accepted as well. The company stated that they felt that the error was poor integration on the exchange. CryptoMedication, a Crypto observer, shared an image showing the part of the code with the error. The “valid” value was true, while it should have been defaulted to false. OKEx, the second largest exchange in the world based on trade volume, issued a statement saying that they performed multiple examinations when informed about the loophole from SlowMist. They determined that the OKEx was not exposed to the double-spend vulnerability. The double-spend vulnerability is a serious deal with enormous consequences because it could have been exploited ad infinitum, according to CryptoMedication. They acknowledged that it is more of an issue with the exchange itself than a problem with Tether based on what they know. Tether issued 250 million new tokens earlier in the week with a backing of 1:1 ratio with the U.S. Dollar. In March they released 300 million tokens, which led to a small increase in the value of Bitcoin. They were in the news earlier in June after the University of Texas made allegations saying that USDT was used for price manipulation in 2017 with Bitcoin.
Comments