A coding error accidentally locked away a YUGE pile of Ethereum in an executable distributed code contract (EDCC), hitting the profits of Canadian crypto currency exchange QuadrigaCX - but not its customers.
Today on June 2, 2017, the largest Canadian exchange QuadrigaCX explained an irregularity for the process of sweeping the incoming Ether to the company's exchange.
QCX took full blame for the issues and mistake, & has promised that there's been no impact on account funding. In a reddit post, the company's official account stated:
"all withdrawals, including Ether, are being processed as per usual and client balances are unaffected." (Source at end of article)
As per data compiled by one reddit user - (source below) this bug has trapped 67,316.2838 Ether (approximately $14.8 million) in the SafeConditionalHFTransfer of the governing EDCC. QuadrigaCX's official statement explains that the mistake happened after a Geth upgrade. Older protocols of Geth, had made allowances for optional prefixes of 0x on Hex values, whilst the upgrade made the prefix mandatory. QuadrigaCX stated:
"Our code didn't prefix the Hex string with 0x and when we upgraded Geth from 1.5.3 to 1.5.9 on the 24th of May, the SHA3 function call failed and our sweeper process then called the contract with an invalid data payload resulting in the ETH becoming trapped."
QuadrigaCX stated that while the problem has negatively impacted the company's profits, a fix may come in the form of Ethereum Improvement Proposal 156, a small code piece that could be changed to give a solution to the issue of contracts holding ETH with no way to move them.
QuadrigaCX must now find a way to be content with this very pricy lesson:
Always. Validate. Inputs.
Related Reddit sources of info:
--
https://www.reddit.com/r/ethereum/comments/6ettq5/statement_on_quadrigacx_ether_contract_error/
--
https://www.reddit.com/r/ethereum/comments/6eruqb/if_your_exchange_is_related_to/diczqn0/
If you liked this blog post - please Resteem it and share good content with others!
--
Some of my recent blogs:
--
If you feel my posts are undervalued or you want to donate to tip me - I would appreciate it very much.
Bitcoin (BTC) - 18J6RRuzX4V7b2CDbx7tWZYNBLkkGWsvWX
DASH - XgZvsvSZgPkNbmGbRhc3S1Pt2JAc7QHwiS
PIVX - DA3azxQqJiX9t7EviuacpamfNhMi2zGAUh
Monero (XMR) - d8ecb02c09f70ec10504b59b96bc1f488af28b05933893dfd1f55b113e23fbff
Ethereum (ETH) - 0x3Ad69Ff057C9533ca667B2d7E3E557F5eeFd4477
Ethereum Classic (ETC) - 0x5ab2b08d4ce8d454eb9d1ecc65c6d8b0c5f9784c
LiteCoin (LTC) - LKdsnvSXk9JW99EiNicFMGKc1FXiBo9tUE
Stratis (STRAT) - SNsJp6v1jXvKWy4XcXSXfNQ9zhSJJppJgv
Synereo (AMP) - 1KnrL6wFHaT4gjJ2YJ5f6WmKTDJNsaBS8s
Expanse (EXP) - 0x819b9cce8630ab638198eabfd7496786c20d629a
ZCash (ZEC) - t1aCPEYELkGaf3GtgGTiCEDo7XfPm4QEwmL
Please note -- I will have limited internet access for awhile -- so PLEASE do not be upset that I cannot reply right away, or to everyone. I am dealing with some changes, and will have limited time online and will be happy if I get a few blog posts up a week.
Today on June 2, 2017, the largest Canadian exchange QuadrigaCX explained an irregularity for the process of sweeping the incoming Ether to the company's exchange.
QCX took full blame for the issues and mistake, & has promised that there's been no impact on account funding. In a reddit post, the company's official account stated:
"all withdrawals, including Ether, are being processed as per usual and client balances are unaffected." (Source at end of article)
As per data compiled by one reddit user - (source below) this bug has trapped 67,316.2838 Ether (approximately $14.8 million) in the SafeConditionalHFTransfer of the governing EDCC. QuadrigaCX's official statement explains that the mistake happened after a Geth upgrade. Older protocols of Geth, had made allowances for optional prefixes of 0x on Hex values, whilst the upgrade made the prefix mandatory. QuadrigaCX stated:
"Our code didn't prefix the Hex string with 0x and when we upgraded Geth from 1.5.3 to 1.5.9 on the 24th of May, the SHA3 function call failed and our sweeper process then called the contract with an invalid data payload resulting in the ETH becoming trapped."
QuadrigaCX stated that while the problem has negatively impacted the company's profits, a fix may come in the form of Ethereum Improvement Proposal 156, a small code piece that could be changed to give a solution to the issue of contracts holding ETH with no way to move them.
QuadrigaCX must now find a way to be content with this very pricy lesson:
Always. Validate. Inputs.
Related Reddit sources of info:
--
https://www.reddit.com/r/ethereum/comments/6ettq5/statement_on_quadrigacx_ether_contract_error/
--
https://www.reddit.com/r/ethereum/comments/6eruqb/if_your_exchange_is_related_to/diczqn0/
If you liked this blog post - please Resteem it and share good content with others!
--
Some of my recent blogs:
--
If you feel my posts are undervalued or you want to donate to tip me - I would appreciate it very much.
Bitcoin (BTC) - 18J6RRuzX4V7b2CDbx7tWZYNBLkkGWsvWX
DASH - XgZvsvSZgPkNbmGbRhc3S1Pt2JAc7QHwiS
PIVX - DA3azxQqJiX9t7EviuacpamfNhMi2zGAUh
Monero (XMR) - d8ecb02c09f70ec10504b59b96bc1f488af28b05933893dfd1f55b113e23fbff
Ethereum (ETH) - 0x3Ad69Ff057C9533ca667B2d7E3E557F5eeFd4477
Ethereum Classic (ETC) - 0x5ab2b08d4ce8d454eb9d1ecc65c6d8b0c5f9784c
LiteCoin (LTC) - LKdsnvSXk9JW99EiNicFMGKc1FXiBo9tUE
Stratis (STRAT) - SNsJp6v1jXvKWy4XcXSXfNQ9zhSJJppJgv
Synereo (AMP) - 1KnrL6wFHaT4gjJ2YJ5f6WmKTDJNsaBS8s
Expanse (EXP) - 0x819b9cce8630ab638198eabfd7496786c20d629a
ZCash (ZEC) - t1aCPEYELkGaf3GtgGTiCEDo7XfPm4QEwmL
Please note -- I will have limited internet access for awhile -- so PLEASE do not be upset that I cannot reply right away, or to everyone. I am dealing with some changes, and will have limited time online and will be happy if I get a few blog posts up a week.
Bitcoin (BTC) - 18J6RRuzX4V7b2CDbx7tWZYNBLkkGWsvWX
DASH - XgZvsvSZgPkNbmGbRhc3S1Pt2JAc7QHwiS
PIVX - DA3azxQqJiX9t7EviuacpamfNhMi2zGAUh
Monero (XMR) - d8ecb02c09f70ec10504b59b96bc1f488af28b05933893dfd1f55b113e23fbff
Ethereum (ETH) - 0x3Ad69Ff057C9533ca667B2d7E3E557F5eeFd4477
Ethereum Classic (ETC) - 0x5ab2b08d4ce8d454eb9d1ecc65c6d8b0c5f9784c
LiteCoin (LTC) - LKdsnvSXk9JW99EiNicFMGKc1FXiBo9tUE
Stratis (STRAT) - SNsJp6v1jXvKWy4XcXSXfNQ9zhSJJppJgv
Synereo (AMP) - 1KnrL6wFHaT4gjJ2YJ5f6WmKTDJNsaBS8s
Expanse (EXP) - 0x819b9cce8630ab638198eabfd7496786c20d629a
ZCash (ZEC) - t1aCPEYELkGaf3GtgGTiCEDo7XfPm4QEwmL
Please note -- I will have limited internet access for awhile -- so PLEASE do not be upset that I cannot reply right away, or to everyone. I am dealing with some changes, and will have limited time online and will be happy if I get a few blog posts up a week.