An EOS-based token airdrop attracts community attention after a blogger discovered a bug in the smart contract leading to unlimited token distribution.Free Flow of Tokens
Se7ens.io, an EOS blockchain-based gaming project, recently ran an airdrop of its native SEVEN tokens. The airdrop, which was to distribute 10,000 SEVEN tokens, ended up handing out an unlimited number instead.
The incident, apparently, took place due to a bug in the code of the smart contract executed for the airdrop. The loophole was discovered by a Medium blogger who explained the details of the erroneous software in a blog published earlier on Thursday. He also reported the bug on Reddit, drawing immediate attention of the community.What Went Awry
He wrote:The smart contract of xxxsevensxxx is an extension of a standard eosio.token contract. They added a new method, “signup”, which takes the desired amount of SEVEN tokens, and just gives the tokens to the user, without leaving any action trace. So, the tokens appear magically on your account, without issue or transfer actions.
He then added:Also they forgot to verify the amount (why is there the amount at all?) in their signup method, so I managed to claim 1 billion of their tokens.
The blogger goes on to explain how the project team tried to cover up the incident. He says:After I published the above post on Reddit, they silently cut my balance to 100000 tokens and called it a bug bounty. I didn’t even receive any transaction in my history, and the tokens have magically disappeared. So, the team assigns themselves a freedom to modify user balances at will. I wonder how they plan to be listed on an exchange with such treatment of their assets.
He then goes on to explain the right way to execute an airdrop.EOS Woes Continue
The platform has been plagued with multiple issues since its mainnet launch earlier in June this year. Within a couple of days of going live, a bug in t...