New Study Exposes Vulnerability in Thousands of Ethereum Smart Contracts

Author: Jimmy Aki
Last Updated: 28 August 2020

The Ethereum blockchain is currently one of the most favored for issuing digital tokens in the crypto industry. It promises optimal scalability and performance, more so than developers can get with many other blockchains. However, a new report has shed light on an inherent vulnerability in the blockchain that could affect thousands of tokens built on it.

The Fake Deposit Vulnerability

This week, researchers from several educational institutions published a research paper highlighting a “fake deposit vulnerability” in Ethereum-based smart contracts. The researchers came from institutions such as Peking University, Zhejiang University, the University of Queensland, and the Beijing University of Posts and Telecommunications. According to them, over $1 billion worth of Ethereum-based tokens is now at risk.

Going deeper, the research paper explained that these tokens come with verification methods that are less secure than ERC20 contracts developed after 2017. Thus, hackers can use the fake deposit vulnerability to manipulate the contracts’ codebases and steal millions.

The research paper added that vulnerable tokens are available on both centralized and decentralized exchanges. They allow coins to be swapped without any comprehensive verification, thus presenting an opportunity for skilled hackers to steal users’ tokens.

To remedy the situation, the researchers developed a tool known as “Deposafe.” With the tool, token developers can test their smart contracts for possible fake deposit vulnerabilities.

“In this work, we have systematically characterized the fake deposit vulnerability in Ethereum. Deposafe, an automated tool is proposed to perform the detection and verification of the vulnerability,” the paper states.

The researchers added that they’d tested the product on a large number of smart contracts.
The tests showed that about 7,735 tokens were susceptible to the fake deposit vulnerability using the “Type I” attack. A Type II attack could affect a further 7,716 tokens. Together, these tokens have a market cap of $1 billion.

Ethereum’s Security to Come Under Scrutiny

Security on the Ethereum blockchain is more prominent than ever, especially as its use in decentralized finance (DeFi) is growing. The DeFi boom has been quite noteworthy, with projects seeing record funding rounds and surging market value.

The total value of capital locked in DeFi protocols has increased by at least 250 percent in less than two months. This month, DeFi protocols reached a record $7 billion in market cap. If this rate continues, the DeFi sector could hit a $25 billion market valuation before the year runs out.

Aave, a lending protocol, is currently the largest DeFi project, according to data from DeFi Pulse. With $1.51 billion in assets locked, the project is followed by MakerDAO and its $1.42 billion. Curve Finance rounds out the top 3 with $1.15 billion in assets locked.

Most of the top DeFi protocols were built on the Ethereum blockchain. While some might end up branching out to form their own networks, Ethereum is still the preferred choice. If there is a vulnerability in the platform’s underlying smart contracts, developers will want to be aware.