Coinbase Bug Allowed Users To Fund Wallets With Virtually Unlimited Ether Ethereum

Coinbase Bug Allowed Users To Fund Wallets With Virtually Unlimited Ether

Disclosed today, an exploit in Coinbase contracts allowed users to fund wallets with potentially unlimited amounts of Ether. Dutch researchers discovered the flaw, furnishing it to Coinbase in January. The Dutch firm, VI Company, was instrumental in identifying a Coinbase exploit that was – until today – largely unknown. Disclosed via the vulnerability tracking and coordination platform HackerOne, researchers at VI Company described the issue as follows: "By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account." VI Company's posting continues: "If one of the internal transactions in the smart contract fails, all transactions before that will be reversed. But on...
Read more