“Ethereum account balance manipulation” a major ETH bug on the Coinbase platform allowed access to an unlimited supply of Ethereum coins in your wallets. All you needed to do was some clever manipulation of some smart contract execution either via a faulty transaction or faulty wallet, and you could have potentially become a Millionaire. But alas, the opportunity is gone.
The bug was detected by a Dutch fintech company by the name VI Company. They identified and reported the vulnerability in the Coinbase platform back in December last year. It took over a month for the US-based cryptocurrency exchange to resolve the issue. VI Company received a reward of $10,000 from Coinbase for reporting the bug.
Luckily, no one else happened upon the “Ethereum account balance manipulation” bug and exploited it to cause any major issue for the exchange. Once the bug was resolved, Coinbase made an announcement mentioning, “The issue was fixed by changing the contract handling logic. Analysis of the issue indicated only accidental loss for Coinbase, and no exploitation attempts.”
So how did the bug allow unlimited ETH supply? Well, as many of you might know, smart contracts are an integral part of the Ethereum network. Now, let’s suppose a user used smart contracts to transfer ETH coins to multiple wallets. If and only if all of these transactions were successful, then it will be registered as multiple successful transactions on the Ethereum Network. Concurrently, if a single transaction failed, then by the nature of smart contracts, all prior intermediate transactions will also be reversed.
Now, the problem is that on Coinbase accounts, the failed transaction never end up getting reversed. Taking advantage of this simple bug, users had the potential to add an infinite number of ETH coins to their balance. Curiously, Coinbase’s wallet address would not show any new ethers being credited, but the user’s Coinbase wallet reflected all the newly added tokens.