SlowMist Cybersecurity finds Tether Double-Spending Vulnerability

Adding to the controversies around Tether, the Chinese private cybersecurity firm SlowMist has found a double-spending vulnerability in Tether (USDT). Following SlowMist's tweet, the Omni founder has responded with an explanation of what went wrong.


SlowMist revelation

SlowMist stated in a tweet that it was able to send USDT to an unnamed exchange without correct field values on the transaction. This is notable because it meant individuals could be credited for tokens without actually having sent them, leading to a double spend. SlowMist also asked that the relevant exchange suspend its USDT recharge function as soon as possible and examine its own code for this logic flaw.

“The exchange in the USDT recharge transactions to confirm the success of a logical flaw in the transaction details on the blockchain valid field value is true, resulting in “pretend value”, the user has not lost any USDT but successfully recharge the exchange USDT, and these USDT can be normal transactions.”

Omnilayer – USDT provides an explanation

Following the tweet from SlowMist, a founder of OmniLayer, the platform on which USDT was created, offered an explanation for the error. According to him, it was the exchange that accepted the transaction without checking the valid flag, which led to the double spend.

He replied on Reddit:

“I designed Omni so that to double-spend an Omni asset, you would have to double-spend bitcoin. If I’m translating this correctly, it appears that what happened here is that an exchange wasn’t checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second “double spend” transaction had valid=true, which they also accepted. Unless I am missing something, this is just poor exchange integration.”

There was another, more elaborate explanation, provided by a maintainer and developer of Omni Core, the reference client for the Omni Layer. According to him:

“This is no protocol vulnerability, but rather a poor handling of incoming token payments, if this was indeed exploited in the wild. As far as we know, there was an integrator, which hasn’t checked the valid flag at all, and simply credited the tokens, without ensuring and checking, whether they were actually transferred.”

He further added that

“The reference client of the Omni Layer, Omni Core, doesn’t credit any tokens from invalid transactions, while the JSON-RPC API still provides information about such a transaction, but clearly indicates, whether the transaction is valid. In such a case the result also has an “invalidreason” field, which provides explicit information about why the transaction is considered invalid, e.g. in case of not enough balance.”
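
One way to write the deposit check the Omni Core maintainer describes, as an added example that is not from the article or from Omni Core: it credits a transaction only when the `valid` field of an `omni_gettransaction`-style result is the boolean true, and only once per txid. The confirmation threshold, the placeholder txids and address, and the sample results are assumptions constructed for illustration.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31   # Omni property id of Tether USD
SIMPLE_SEND = 0         # Omni transaction type "Simple Send"
MIN_CONFIRMATIONS = 6   # assumed exchange policy, not from the article


def deposit_decision(tx, deposit_address, credited_txids):
    """Return (credit, reason) for one omni_gettransaction-style result."""
    # The check the integrator skipped: 'valid' must be the JSON boolean true.
    # A missing key or the string "true" is treated as invalid, never credited.
    if tx.get("valid") is not True:
        return False, "invalid: " + tx.get("invalidreason", "valid flag absent or not true")
    if tx.get("type_int") != SIMPLE_SEND:
        return False, "not a simple send"
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return False, "wrong property"
    if tx.get("referenceaddress") != deposit_address:
        return False, "not addressed to this deposit address"
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return False, "awaiting confirmations"
    if tx["txid"] in credited_txids:
        return False, "already credited"
    return True, "ok"


def process_deposits(txs, deposit_address):
    """Credit each valid transaction once; return (balance, rejections)."""
    credited, rejected, balance = set(), [], Decimal("0")
    for tx in txs:
        ok, reason = deposit_decision(tx, deposit_address, credited)
        if ok:
            credited.add(tx["txid"])
            balance += Decimal(tx["amount"])  # amount arrives as a decimal string
        else:
            rejected.append((tx.get("txid"), reason))
    return balance, rejected


# Constructed sample results (placeholder txids and address), mirroring the
# sequence described above: a valid=false send, then a valid=true send.
ADDR = "DEPOSIT-ADDRESS-PLACEHOLDER"
BASE = {"type_int": 0, "propertyid": 31, "referenceaddress": ADDR,
        "confirmations": 8, "amount": "100.00000000"}
SAMPLE = [
    dict(BASE, txid="tx-aaaa", valid=False, invalidreason="constructed reason: insufficient balance"),
    dict(BASE, txid="tx-bbbb", valid=True),
    dict(BASE, txid="tx-bbbb", valid=True),    # same tx seen again by the poller
    dict(BASE, txid="tx-cccc", valid="true"),  # malformed flag: a string, not a boolean
]
```

Running `process_deposits(SAMPLE, ADDR)` credits 100 USDT once; the flawed integration described in the quotes would have credited the `valid=false` transaction as well.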

In light of these allegations and explanations, OKEx told its customers that the exchange is NOT exposed to the vulnerability. It also assured them that all assets held with the exchange are safe.

With these vulnerabilities exposed, questions are again being raised about the security measures that exchanges are taking. Such lapses are making investors jittery, and most of them happen to be selling cryptocurrencies for these reasons.

Will the exchanges work towards patching these vulnerabilities to gain the confidence of investors back? Do let us know your views on the same.

Publisher Name
COINGAPE
Author: Nilesh Maurya
Nilesh Maurya has been associated for past 8 years as an Investment Banker with Omega Capital, a bespoke Investment Banking outfit having offices in Mumbai, New York, Singapore, and Dubai. He has been a regular contributor to business publications such as Business India and Market Express and has been a mentor to many start-up companies. Follow him on Twitter at @KoinKing1 or connect with me on linkedin.