Wednesday Dec 13th 2017
Ether.Camp’s HKG Token Has A Bug And Needs To Be Reissued

By Jim Manning, Writer, ETHNews.com

Ether.Camp’s Hacker Gold Token (HKG) was found to have a bug in it. The bug is serious enough that the contract will need to be rewritten, and the tokens reissued.

According to Ether.Camp’s white paper, their Hacker Gold token (HKG) isn’t primarily a store of value; it acts more as a reputation marker. HKG tokens were issued during the incubation period of the Ether.Camp Hackathon competition, and they allowed interested parties to buy other tokens of individual startups. However, it was just discovered that the HKG token’s contract code has a bug in it.

The bug was only recently discovered by Zack Coburn, a developer whose main projects are Etherboost, a decentralized trading hub, and FirstBlood, an Ethereum eSports rewards platform. After getting in contact with Ether.Camp’s CEO & Founder Roman Mandeleil, Coburn was asked to submit a vulnerability report on GitHub, which can be viewed here.

The bug was found in the transferFrom() function of the HKG token contract. Exploiting this vulnerability would allow a bad actor to reset an account balance. This bug is significant enough to warrant a reissuing of HKG tokens after a fix is made. The entire vulnerability was made possible because of a minuscule snippet of code that read “=+” instead of “+=.” Vitalik Buterin himself chimed in on a reddit discussion about the bug, writing:

IMO this is a matter of language unintuitiveness; =+ should not be legal. I'll be checking Serpent and Viper for this. One way an FV checker could have prevented this, though, is if it was standard for currencies to include an invariant that the total supply never changes.
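The “=+” slip and the total-supply invariant from the quote above, as an added example that is not part of the article or the HKG contract: a Python model of an ERC20-style transferFrom (Python, like the compiler that accepted the HKG code, reads “=+” as assignment of a unary plus). The class, method and account names are assumptions made for illustration.

```python
# Constructed model of an ERC20-style ledger; not the HKG contract's source.

class FixedToken:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowed = {}                      # (owner, spender) -> allowance
        self.total_supply = sum(self.balances.values())

    def approve(self, owner, spender, value):
        self.allowed[(owner, spender)] = value

    def _credit(self, to, value):
        self.balances.setdefault(to, 0)
        self.balances[to] += value             # intended: add to the balance

    def transfer_from(self, spender, src, dst, value):
        # Refuse if the source lacks funds or the spender lacks allowance.
        if (self.balances.get(src, 0) < value
                or self.allowed.get((src, spender), 0) < value):
            return False
        self.balances[src] -= value
        self.allowed[(src, spender)] -= value
        self._credit(dst, value)
        return True

    def supply_invariant_holds(self):
        # Invariant from the quote: a transfer must never change total supply.
        return sum(self.balances.values()) == self.total_supply


class BuggyToken(FixedToken):
    def _credit(self, to, value):
        self.balances.setdefault(to, 0)
        self.balances[to] =+ value             # parses as "= (+value)": overwrites


def run_scenario(token_cls):
    # Constructed accounts: alice lets carol move 10 of her tokens to bob.
    token = token_cls({"alice": 100, "bob": 50})
    token.approve("alice", "carol", 10)
    ok = token.transfer_from("carol", "alice", "bob", 10)
    return ok, token.balances, token.supply_invariant_holds()


if __name__ == "__main__":
    for cls in (FixedToken, BuggyToken):
        print(cls.__name__, run_scenario(cls))
```

In the buggy variant the transfer still reports success, so only a check on the balances themselves, such as the supply invariant, reveals that the recipient's balance was overwritten.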

In the vulnerability report, the recommended fix is to create a new HKG contract that corrects the bug, as well as restores all account balances to what they were before the bug reared its ugly head. Dapps that internally track the balances of HKG will need to be taken into account, while exchanges and token holders will also need to be notified about any new token contract. Because the flawed StandardToken code that initially created the HKG token was used to create all hack.ether.camp team tokens, those tokens are affected as well.

ETHNews reached out to Ether.Camp, but they declined to comment while work is underway to fix the flaw. We may expect to hear from them about this developing story in a few days.

Originally, Zeppelin had performed an audit of the HKG token code and found no severe security problems. This only serves to show how sneaky even the smallest bugs can be, even surviving a public code audit. Ultimately, this speaks to the importance of using proven code and performing rigorous tests when writing smart contracts.

The entire blockchain ecosystem suffers when situations like this expose insecurities. Bugs are always going to plague computer code, but when found in such a fledgling field, they are scrutinized and can cause skepticism. To ensure the safety and reliability of any code written, it’s important to follow industry standard best practices. When Ethereum encounters a bug, investors may get nervous, but as developers continue learning from their mistakes and others’, the system as a whole becomes stronger and more resilient, leading to a more secure Ethereum ecosystem in the end.

Jim Manning

Jim Manning lives in Los Angeles and has been writing for websites for over five years, with a particular interest in tech and science. His interest in blockchain technology and cryptocurrency stems from his belief that it is the way of the future. Jim is a guest writer for ETHNews. His views and opinions do not necessarily constitute the views and opinions of ETHNews.
