/biz/ - Business & Finance

Uh

AW SHIT TIME TO GO HUNTING. LOL ITS TIME TO PUT MY COMPUTER SCIENCE DEGREE TO SOME USE

>>7168355
plz not mine

NOO MYY LINKIEES

what exploit?

NEED SOURCE NOW faggit

I NEED NAMES BITCH

Is it over..?

>>7168355

i hope this is true

>>7168355

You remember when 4chan found the Intel exploit in CPU'S 4 weeks ago?

HERE WE GO

>>7168355
>The exploit

The fuck is this shit. Don't act like everyone knows what your LARP is on about. Give us some hot sauce dammit

>>7168355
the absolute state of crypto. you faggots shouldve just opened a fidelity account

>>7168355
hope some blackhat will cause as much damage as possible that scam-like ecosystem fully deserves it

>>7168355
Press ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff to pay respects

>top 200
So probably irrelevant joke coins

stack overflow. imo is all bullshit

>>7168546
Someone discovered how to give himself free dividends on that Ponzi game
He gave himself the maximum amount then cashed out 1k eth

Explanation of the original flaw
>>7162328

>>7168626
>Intel leaves a big Vulnerability in their CPU's
>pajeet devs somehow cant

>>7168665
exaggerated

>>7168643
How did he "pass" that value? It's not like he has ownership over that contract.

>>7168755
>what is a public function?

not many others that are as stupid as powh devs so should be ok

>>7168498
Don't worry Sergey is a good developer.

>>7168755
he poo'd it

>>7168355
good

>>7168546
It pretty much allows people to withdraw tokens they don't own.

>>7168798
original code was taken from a trezor engineer

>>7168542
The 400lb hacker known as 4chan strikes again!

>>7168755
>>7168790
I'm familiar with the concept of integer overflow but I'm still not sure how this specific exploit was executed. Nothing was added to _value before checking the balance, so what caused it to overflow? Can any compsci anons explain this in more depth?

>>7168798
Original code was taking from a Math Phd


WE ARE FUCKED

>>7168519
Literally ALL erc 20 Token

>>7168798
Every developer makes mistakes all the time. I know because I am one. The difference is that important code that deals with money is usually first tested for months, not slapped together in an hour and released.

>>7168887
join the biz discord, I'm expaining it there rn
watch out for tokens being drained in the next days, this is actually no fud and true. eth will dump

>>7168887
Could be that he used signed integer later in the code. So it became -1

i just woke up, what exploit?

is ven an erc20 token

>>7169047
whats the discord

>>7169097
yes, the fact that you need to ask this and bought this shit rustles me

they had to say top 200 instead of 100 because link fell to passed 100 recently

>>7169135
top fucking kek

>>7169122
i bought at ATH i have the right to act like a retard

>>7169047
what about non-eth like stellar

>>7168887
this is the internal function that got called:

function transferTokens(address _from, address _to, uint256 _value) internal {
if (balanceOfOld[_from] < _value)
revert();
if (_to == address(this)) {
sell(_value);
} else {
int256 payoutDiff = (int256) (earningsPerShare * _value);
balanceOfOld[_from] -= _value;
balanceOfOld[_to] += _value;
payouts[_from] -= payoutDiff;
payouts[_to] += payoutDiff;
}
Transfer(_from, _to, _value);
}

>>7168962
Speaking as someome in infosec, mathematicians could‘t write good code if their life depended on it

>>7169156

XLM, BTC, NEO and so on are safe

>>7168355
>mfw the shadowfork meme became reality

just relax

>>7168355
post discord

>>7168355
So this means OMG is now worthless?

tfw i know the tokens affected

>>7168835
Are you sure about that? I thought the tokens are just inaccessible in a contract and thus lost.

>>7169173
>Speaking as someome in infosec
skiddie detected

I am 100% all in on FUN, RLC, and OMG.

How fucked am I?

>>7169254
you are not

pofwh was jsut a scam

>>7169286
lol but the exploit isn't just pofwh nignag

to those of you smart enough to read replies:
the plebbitor is claiming erc20 tokens are compromised scams because he fell for the powh ponzi scheme

>>7169318
if it was for everything else then already gone. do you think they would start with this piece of shit coin?

Guys? How serious is this? If this is really widespread and an inherent flaw of ERC20 token and someone uses the exploit for other coins, couldn't everything just crash once this becomes public? This would pretty much destroy all confidence in the entire crypto market.

>>7169350
>be me super hacker
>have an exploit to destroy some top 100 coins
>decide to exploit powh

come on with this bullshit

LMAO someone in the discord just withdrew 100k from LINK check it on etherscan

https://etherscan.io/token/0x514910771af9ca656af840dff83e8264ecf986ca

>>7169047
discord inv link pls

>>7169367
AH!

>>7169254
Keep holding, sure somebody will buy your bags, after the price crashed 90%

>>7169379
WHAT THE FUCK SERGEY!!!!!!!!!!

YOU'RE A PHILOSOPHY MAJOR HOW DID YOU MISS THIS SHIT

>>7169350
>>7169367
The intel exploit was discovered on 4chan

This is why you join cardano friends. It is academically peer reviewed block chain by the top Autist in the world. It is being worked on so slowly and precisely because of shitty things eth has like this.

It will go parabolic within months. You heard it here. And screencap this so I can laugh at you guys later.

>>7169350
>entire crypto market
Haha no, only your shitty "me too" scam tokens.

>>7169452
and when are they finally launching?

>>7169253
To some degree you‘re actually right

I'm all in on LINK as an absolute poorfag

How fucked am I?

>>7169461
That's not what I mean. If the media reports something like 'Ethereum based tokens have been hacked', then this is it. ETH is currently the coin holding everything together. Once people realize this shit is hackable they will panic sell so hard.

>>7169432

read the fucking pic.

discordgg/wFXfxq

>>7169468
2021

>>7169468
Doesn't matter friend. I can't tell you to be honest. All I know is I have some shitcoins on Binance to do trades. And I have my main hold in my safe autism wallet.

Whales have been blocking it's break outs for a month now. Check the chart , no bs. I saw a million dollar sell order the other day to scare anyone trying to buy.

You have all been warned.

LOOK AT THE PRICE OF LINK RIGHT NOW

>>7169379
AHAHAHAHHAHAHAHAHAHAHAHAHAH
Stinky linkies got stinked

>>7169432
Bullshit it was a bunch of researchers from universities.
>On Wednesday evening, a large team of researchers at Google's Project Zero, universities including the Graz University of Technology, the University of Pennsylvania, the University of Adelaide in Australia, and security companies including Cyberus and Rambus together released the full details of two attacks based on that flaw, which they call Meltdown and Spectre.

https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers

>>7169516
SOMEBODY IS EMPTYING ALL LINK WALLETS AND SELLING LINKS IN BINANCE HOLY FUCK CHECK ETHERSCAN

>>7169489
Ha, me too. :(

>>7169516
I JUST CHECKED MY 200K WALLET AND ALL OF IT IS GONE
WHAT THE FUCK

>>7169489
you were fucked anyway exploit or not

fud

now listen up heres a story
about a little guy who lives in a red world

>>7169379
>200k
ayyy

>>7169594
2/10 LARP

This is the purge. The chosen coins will survive. The shitcoins shall die and the holders shall be red wojaked. The day of reckoning.

KEK, rip linkies

Guys, exploit found. We don't have their names. Source is discord. You heard it here first. Big AND true.

>>7169655
discord link

It's just an overflow exploit, it involves some argument being passed into a transaction with a value of fffffffffffffff (max unsigned int).

think 1gp over rs max stack

>>7169667
he was being sarcastic

>>7169655
Which discord ?

function transferTokens(address _from, address _to, uint256 _value) internal {
if (balanceOfOld[_from] < _value)
revert();
if (_to == address(this)) {
sell(_value);
} else {
int256 payoutDiff = (int256) (earningsPerShare * _value);
balanceOfOld[_from] -= _value;
balanceOfOld[_to] += _value;
payouts[_from] -= payoutDiff;
payouts[_to] += payoutDiff;
}
Transfer(_from, _to, _value);
}


(address _from, address _to, uint256 _value)
_value being set to max unsigned int causes the overflow

It would be funny if this was about Quantstamp

>>7169719

we have a fucking software phd confirming the erc20 exploit right now, this is legit lmao
this is the discord
discordgg/wFXfxq

>go in discord
>it's true
AAAAAAHHHHH

>I don't want to participate in Ponzi scheme because "I don't want to be a faggot that loses my money off a scam artist simulator"
>Ponzi makes me lose money anyway

Really sticks a dick in the gray matter.

Correct me if I’m wrong but wouldn’t this cause QSP to moon?

>>7169159
>no checks on arguments

Quality coding. This is how you crash an aircraft, or internet monopoly money.

>>7169781
bingo
that's why nobody is shilling it
REMEMBER
if it is shilled on /biz/ sell sell sell asap

>>7169763
kek

even in this discord the people called in FUD. the 100k link where goiing in 6 minutes befor they went out..

>>7169432
Hurr durr, it became public knowledge when an amd dev made some commits to the linux kernal and the super fucking nerds pieced it together from the wording in the comments. 4chan didn't do shit.

I feel like if this were true it there would be eight threads about it.

Bad time to buy LINK?

>>7169888
of course lmao

>>7169903
No, that would be stupid. Give it 2 or 3 days till those in the known have sold and shilled the shit out of eth for the normies. Then observe how this scam coin goes from 1000 to 2 in several minutes

>>7169903
https://medium.com/@ebanisadr/how-800k-evaporated-from-the-powh-coin-ponzi-scheme-overnight-1b025c33b530

>>7169497
holy fuck..

>>7169955
So it's basically localized to POWH for being poorly coded shit and the post above is just larping because the Top 100 coins aren't a poorly coded ponzi?

>>7170015
correct

>>7170015
normies don't know that. And regarding the overall bearish tendency, it is more than enough to kill the last bit of trust in crypto for stupid money

SOO DO I SELL COIN OR BUY
UGA BUGA

>>7170048
neither, won't matter..eth prolly gonna fork after this

>>7170100
but do i sell my poet

>>7170100
even devs admit their code was literally shit

>>7170175
it wasn't their code, retard

Can someone fucking tell me how widespread this is without the fud? Please? Shit like this is what makes markets crash. When people suddenly realize their digital shitcoins aren't really worth anything and can be stolen at any second.

all in stratis

>>7170186
sellmytokensdaddy

yes sure the TREZOR DEV wrote that

>>7170196
get in the Discord

NOW

>>7170196
literally nobody knows. Trust in erc20 will go down the drain once this bug gets a little bit more publicity

>>7170243
if this was applied to all ERC20 tokens we wouldnt be here talking. we would see everything gone already fucking idiots

do you think they are waiting to become public ?

>>7170199
they renamed a couple functions

here's the original source on the eth testnet
https://ropsten.etherscan.io/address/0x2CB6ef99FbC78069364144E969a9A6e89E550359#code

here's the original article from the trezor dev / guy that runs the mempool stats.

https://test.jochen-hoenicke.de/eth/ponzitoken/

also i don't think any ERC20 tokens are impacted, probably just fud.

There's literally no example of a real ERC20 token being vulnerable to this. Arc even said so himself. This FUD is only making things worse.
Go to your contract of choice and see if it uses safemath. If it does, then odds are it's fine.

>>7170263
It takes an average of one and a half day for such information to get to the more informed normies, between two and three days for msm to catch up. Either way, the outcome is the same. More bugs in crypto, less trust in crypto, more crashing

>>7170263

lmao they slowly drain it to not crash the sell price for their own ETH brainlet

>>7170286
you realise, that a majority of crypto gamblers never looked at code. Only the mentioning of possible critical bugs is enough to send speculative markets like this to a 90% down ride

>>7170287
you understand that happened to a fucking ponzi scheme coin with the name scam in it?
do you think oooh we lose trust in crypto because people lost money in the ponzi scheme coin
fuckin idiots to put money in this shit in the first place.

Has there been any positive news? China, Korea, India FUD and now this shit. Also KuCoin's coins got hit hard as fuck.

>>7170326
crash? the price of ETH would skyrocket. since you selling tokens to buy ETH.

>>7170333
Which is why FUD like this only hurts us all. Also checked

Well, guess that serves me right.
At least being completely broke will make me get a job again, or starve, either way is fine.

>>7168799
Yeah philosophy majors are knowing for their extraordinary coding abilities

>>7169156

Stellar is not Ethereum based what the fuck

how did u even buy Stellar without knowing this?

>>7170348
>do you think oooh we lose trust in crypto
No, cryptotards hate money so much that they will sink with their funny internet money. But cryptotards are not important in the big picture.
>>7170369
It will hurt, more then Vitaliks supposed death. That's why today is the perfect moment to get on the sideline, if you don't hate money and are no delusional crypto acolyte

>>7170434
thats what he said

>what if there was a coin specifically created to audit other coins
>what if its purpose to find exploits in other coins
>what if this already exists
>what if by auditing coins it rewards people who hold it
>what if quantstamp is the one that has this exploit

>>7169155

kek

>>7168610

this

coins between 100-200 are all shitcoins at this point

I don't get it, so if this PowHcoins contract is exploitable, why would it affect any other coins? why would top 200 coins have copied that

just. read. this. picture. and. sell.

>>7168610

This.

If they had said 3 in the top 50 then I'd give a shit.

Sell your OMG and LINK NOW!!!!!!!!

post proof of anyone actually draining an erc20 contract. kthxbai

>>7170689
Exactly. If this is so DOOM, why arent’t blackhats stealing millions of every erc20 token? That’s what I thought

Only the real madmen are gonna invest in EthPyramid tonight. We've already had 3 fuckups in 3 days.

>>7170430
That's like saying a CEO of a chain store has to be good at cleaning vomit from the aisles.

>>7168542
There was few reports or suspicions back in 2017 June or July, can't remember. All 4chan did is posted a thread with link to some security expert tweet.

Source:
>https://www.youtube.com/watch?v=0o6MoJ2gHHI

aaaaaaaand this is why you use NEO instead of ETH.

what anon's need to do is send this story to bloomberg, mfw it'll crash the price of ETH

>>7169719
The overflow is in payoutDiff

>>7169955

Good read. Thanks.

>>7170766

>>7170440
parity multisig hack was super bad and sent me into full panic mode - eth price barely moved in the end tho

>a ponzi scheme that literally advertises itself as a ponzi scheme had a poorly coded smart contract that lost money for the idiots invested in it
Oh no ETH is ruined.

You know that "SafeMath" library you see at the top of every fucking non-garbage smart contract you read? That's what it's there for. And no, in case you're thinking it: a contract that doesn't use SafeMath isn't automatically vulnerable either. In fact, most contracts don't need it at all. If the values are properly checked in the code then over/underflow can still be guaranteed to be impossible. Hell, most contracts don't even need to do any checking in the first place because they're designed in such a way that there's no series of transactions that could make overflow a possibility.

The code of this smart contract was all kinds of terrible and reeks of amateur. Anyone saying they found a top token with an even remotely similar exploit is probably lying to you. This isn't a mistake anyone could make and it wasn't an elaborate loophole exploited using some nuance of solidity or anything like that. This was a very simple error that wouldn't have made it past even the most basic of audits. This is the kind of thing that could only ever occur in a scam contract like this where nobody bothers to check the code in the first place because they don't give a shit or are so sure they'll miss their opportunity by the time they finish comprehending it, and so they got burned for it.

AHHHHHHHHHHHHHHHH I LOST EVERYTHING THE BANK IS GONNA FORECLOSE ON MY HOUSE AND MY WIFE AND HER SON ARE LEAVING ME.

MAKE IT STOP MAKE IT GO AWAY

>>7171148
Bravely said... Most people will be brave enough to believe this shit. I'm afraid he's wrong though. Hes just busy manipulating the markets again. (He actually doesn't believe this shit, but needs you to believe it so he can make more money)

dont tell me some retard really cast an unsigned int to a signed int in a function that LTIERALLY FUCKING TRANSFERS MONEY

if this is true, Crypto is finished lmao.

lolll at the code in that medium contract. doesnt naming shit like that (sellMyCoinDaddy) and not indenting just make it harder for the writer and the reader. baka.

ill never understand people taking shortcuts that arent even shortcuts and that are strictly harmful.

fuck QASH and DENT are erc20