It should be noted that GasToken is an intelligent contract that can be used to further exploit this vulnerability through a “profitable attack”. GasToken works as a gas bank, the main resource for transactions in the Ethereum blockchain. There, users can buy representative tokens and store them when this resource is available at low prices.
In addition, through GasToken users can benefit from reimbursement for the storage of air, The specified reimbursement applies only to contractual transactions when they eliminate storage elements that would otherwise be placed in a block chain. The advantage of this type of refund is that it can represent up to half of the gas of a contractual transaction.
What to do to avoid these types of attacks?
Faced with this scenario, the authors of the document recommend that exchange houses "apply reasonable gas limits in all transactions," in addition to the user paying gas when working with expensive transactions, and also that the withdrawal fee covers the required gas.
They stressed that transactions with user addresses require a minimum (21,000 hectares), while transactions under smart contracts exceed the cost of gas on average, although the ideal amount can be easily calculated. They also mentioned the possibility of making changes to the user interface for the transfer of commissions. In addition, the authors recommended reviewing their records to determine whether they are being attacked, not only in the Ethereum network, but also in Ethereum Classic and EOS,
These types of vulnerability alerts deserve attention, because security is important for any type of financial system. Previous weaknesses were announced that attackers were able to use to steal funds in cryptotermines and even storage space.
Favorite images: canjoena / stock.adobe.com