Coinbase, a San Francisco-based cryptocurrency exchange publicly unveiled about a glitch that enabled the users to manipulate their ethereum balances. The expertise rectified that by using smart contract, a user can add unlimited ethereum to their account.
The bug was disclosed publicly on March 21 but the glitch is present since December 2017. A reward of $10, 000 was given Vicompany, a Dutch-based research analysis company for rectifying and addressing the glitch.
Sans Francisco trading platform explained that researchers managed to address the bug with ETH receiving code when it is fetched from a contract. The facilitated transfer of ETH to Coinbase for crediting, even of the execution of failed.
As per the Vicompany, it could easily control the ether balance by distributing ether with the help of smart contract to all wallets. The company also stated that the mechanism was expected to reverse all transactions if single internal transaction fails. But in this case, it reverses the transaction. A researcher of third party disclosed that it means at the Coinbase side this transaction will appear normal and won’t be reversed, and any user can add unlimited ether to the account balance.
However, Coinbase isn’t the only exchange that has witnessed such bug that enables the user to manipulate their account balance. Zaif, a Japanese exchange had a major glitch that allowed users to buy BTC for zero dollars. Similarly, earlier to the Zaif case, a firm named Overstock had an API glitch which let users to transact for goods that are priced in BTC in BCH.
In the Zaif incident many of the customers took the advantage of this bug. Cryptocurrencies were almost for free on the platform for almost 20 Minute. However, situation was brought under control with one user managed to escape. However, it didn’t went that bad, but could have ended worse for the company.