On November 9, a statement appeared on Netta Lab’s Twitter account saying that the organization had discovered a vulnerability in the Ethereum Virtual Machine that allows smart contracts to be executed endlessly without paying for gas on the network. The researchers also allegedly contacted the operator of the American vulnerability database, where they registered the discovery.
Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The risk of failure can be satisfied indefinitely without gas being paid.
– Netta Lab (@NettaLab) November 9, 2018
A Google search for Netta Lab turns up the site of the netto.io project, which specializes in auditing smart contracts under the Netta Lab brand, but the Twitter accounts of the two projects do not match. Note that the profile that reported the vulnerability was registered in November.
Many users expressed doubts about the authenticity of the information, but then Da Hongfei, the creator of the NEO project, said that he had spoken with the CEO of Netta Labs and asked the researchers to audit the NEO virtual machine.
Briefly talked with the CEO about the security issue. It seems quite serious. I am also asked to check NeoVM. https://t.co/2Vk9gUZn1S
– Da Hongfei (@dahongfei) November 9, 2018
“I spoke briefly with [Netta Labs]. The vulnerability looks pretty serious,” he stressed.
Nevertheless, Vitalik Buterin wrote on Reddit that this is a vulnerability in the Python implementation of the virtual machine, which was first written about on GitHub 9 days ago. This means that the main clients (go-ethereum, parity and cpp-ethereum) are not affected by the problem.
In addition, on Friday evening Bitcoin developer Matt Odell also reported a potential vulnerability in the Ethereum protocol that threatens funds on cryptocurrency exchanges.
Potential ethereum vulnerability. No details publicly released yet. https://t.co/M6DtfJC0mt
– Matt Odell (@matt_odell) November 9, 2018
The dApp developer Level K was the first to announce the risks to the infrastructure of some platforms, but details have not yet been disclosed.
There was a loss of funds. Please send your request to the following list: http://www.http.com/support or @levelk_io: https://t.co/2Y5niurffl
– Level K (@levelk_io) November 9, 2018
Recall that the Constantinople hard fork on the Ethereum main network is supposed to take place on January 16, 2019.