In November 2018, I noticed two publications about Ethereum vulnerabilities in a well-respected online media outlet. Against the backdrop of a general decline in the crypto market, a wide audience could perceive this news as reflecting negatively on the Ethereum platform itself. My colleagues at IberGroup and I have been developing smart contracts on this platform for about two years, so I consider it important to offer a brief analysis of these two cases.
Specifically, this concerns two ForkLog publications:

  • Reports of a vulnerability in the Ethereum virtual machine have appeared online
  • Details revealed of a vulnerability that allows emptying the wallets of cryptocurrency exchanges

Full text (LG, ru)

  1. https://forklog.com/v-seti-poyavilis-soobshheniya-ob-uyazvimosti-v-virtualnoj-mashine-ethereum/
  2. https://forklog.com/raskryty-podrobnosti-uyazvimosti-pozvolyayushhej-opustoshat-goryachie-koshelki-birzh-za-schet-szhiganiya-ethereum-gaza/
  3. https://twitter.com/NettaLab/status/1060889401805271042
  4. https://twitter.com/NettaLab/status/1060889400102383617
  5. https://nvd.nist.gov/vuln/detail/CVE-2018-18920
  6. https://github.com/ethereum/pyethereum
  7. https://github.com/ethereum/py-evm
  8. https://www.ethernodes.org/network/1
  9. https://www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/
  10. https://medium.com/level-k/public-disclosure-malicious-gastoken-minting-236b2f8ace38
  11. https://solidity.readthedocs.io/en/latest/common-patterns.html
  12. https://drive.google.com/file/d/1mULop1LxHJJy_uzVBdc_xFItN9ck04Jj/view
  13. https://gastoken.io/