Binance processes $4.6 million dollar double spend with Filecoin

image.png

Filecoin is a decentralized storage protocol built upon IPFS launched back in August 2017. Filecoin's ICO was a pretty significant milestone in cryptocurrency history raising over $200 million in only 30 minutes.

On Wednesday, Binance processed a double deposit of FIL (Filecoin) due to a flaw in the RPC verification code. This means a user was able to deposit FIL tokens to Binance, and then deposit the same tokens a second time resulting in doubling their tokens.

The vulnerability was discovered when a miner tried to speed up a slow transaction to Binance by re-submitting it with a higher transaction fee. This is a standard process to increase the 'gas' paid for a transaction in an attempt to get it processed by miners quicker. The network is suppose to identify these duplicate transactions and attempt to cancel out the older one. In many cases it is unable to cancel the original transaction where the original transaction ends up executing and the new sped up transaction gets invalidated.

In the case of Filecoin, this process did not work properly and Binance accepted both transactions as valid transactions, crediting the account twice.

“Protocol Labs suggested that exchanges fetch message receipts from RPC StateGetReceipt, which has a serious bug. When there are two messages with the same sender and same nonce on-chain, (which means a double-spend), StateGetReceipt returns the same result for both of them,”
-Filecoin developer

While this problem is being addressed, exchanges have halted deposits for Filecoin.

In an open GitHub issue, the Filecoin team denies the problem being on their end but is in fact the result of Binance not properly validating transactions.

image.png

While it looks like a he said she said situation, it does appear the problem is not related to the Filecoin blockchain but in fact how Binance coded their integration with the Filecoin network.

Filecoin developers have offered to help audit Binance and other exchanges Filecoin integration.


Securely chat with me on Keybase

Why you should vote me as witness

H2
H3
H4
3 columns
2 columns
1 column
21 Comments
Ecency