Binance processes $4.6 million double spend with Filecoin


Filecoin is a decentralized storage protocol built upon IPFS, launched back in August 2017. Filecoin's ICO was a pretty significant milestone in cryptocurrency history, raising over $200 million in only 30 minutes.

On Wednesday, Binance processed a double deposit of FIL (Filecoin) due to a flaw in the RPC verification code. This means a user was able to deposit FIL tokens to Binance and then deposit the same tokens a second time, doubling their tokens.

The vulnerability was discovered when a miner tried to speed up a slow transaction to Binance by re-submitting it with a higher transaction fee. This is a standard process to increase the 'gas' paid for a transaction in an attempt to get it processed by miners more quickly. The network is supposed to identify these duplicate transactions and attempt to cancel out the older one. In many cases it is unable to cancel the original transaction; the original ends up executing and the new sped-up transaction gets invalidated.

In the case of Filecoin, this process did not work properly and Binance accepted both transactions as valid transactions, crediting the account twice.

“Protocol Labs suggested that exchanges fetch message receipts from RPC StateGetReceipt, which has a serious bug. When there are two messages with the same sender and same nonce on-chain, (which means a double-spend), StateGetReceipt returns the same result for both of them,”
-Filecoin developer

While this problem is being addressed, exchanges have halted deposits for Filecoin.

In an open GitHub issue, the Filecoin team denies that the problem is on their end and says it is in fact the result of Binance not properly validating transactions.


While it looks like a he-said-she-said situation, it does appear the problem is not related to the Filecoin blockchain but in fact to how Binance coded their integration with the Filecoin network.

Filecoin developers have offered to help audit Binance's and other exchanges' Filecoin integrations.
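The failure mode in the developer's quote above, as an added example that is not from the original post, from Filecoin, or from any exchange's code: a receipt lookup that answers per (sender, nonce) makes a naive deposit processor credit both the original message and its higher-fee resubmission. `Message`, `mock_get_receipt`, `EXECUTED` and the `executed_cid` field are hypothetical stand-ins, and all sample values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    cid: str      # constructed placeholder, not a real Filecoin CID
    sender: str
    nonce: int
    value: int    # deposit amount in whole FIL, for simplicity

# Constructed sample: a deposit and its higher-fee resubmission. Both share
# sender and nonce, so only one of them can have executed.
ORIGINAL = Message("cid-original", "f1sender", 7, 100)
SPEEDUP = Message("cid-speedup", "f1sender", 7, 100)
# Hypothetical node state: one receipt per (sender, nonce), plus the CID
# of the message that actually executed (an assumed field).
EXECUTED = {("f1sender", 7): {"exit_code": 0, "executed_cid": "cid-original"}}

def mock_get_receipt(msg):
    """Mock lookup with the behaviour the quote describes: the result depends
    only on (sender, nonce), so both messages get the same receipt."""
    return EXECUTED.get((msg.sender, msg.nonce))

def credit_naive(messages):
    """Flawed integration: credits every message whose receipt says success."""
    balance = 0
    for m in messages:
        receipt = mock_get_receipt(m)
        if receipt and receipt["exit_code"] == 0:
            balance += m.value
    return balance

def credit_hardened(messages):
    """Credits a (sender, nonce) pair at most once, and only for the message
    whose CID matches the one that executed."""
    balance, credited = 0, set()
    for m in messages:
        receipt = mock_get_receipt(m)
        key = (m.sender, m.nonce)
        if not receipt or receipt["exit_code"] != 0 or key in credited:
            continue
        if receipt["executed_cid"] != m.cid:
            continue  # same nonce, different message: it never executed
        credited.add(key)
        balance += m.value
    return balance

if __name__ == "__main__":
    pair = [ORIGINAL, SPEEDUP]
    print(credit_naive(pair), credit_hardened(pair))
```

The hardened path gives the same balance regardless of the order in which the two messages are observed, because the credit is tied to the executed CID and not to whichever message arrives first.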


21 comments

It's a shame that this has happened. If it happens again, the project will slowly begin to die


Then this should be also possible with real (fiat) money.
The whole money centered economy would collapse very quickly.
I use money, but only out of "necessity".


Take a look at Zelcash that is rebranding to Flux.
Cloud usage already working and decentralized webhost coming with own pow algorithm.
51% hack proof


Pah, dangerous stuff. But the actual on-chain history should be untouched, so the damage would only be done to Binance. Bad for them.


Get ready for the mass media to start spinning this into a FUD storm! It is this sort of stuff that they are just itching to get their hands on and throw out there. Doesn't seem like it has had much impact so far and it also sounds like they caught it fairly early.


If I understood it, this looks like it is doubled only on the Binance exchange. Binance should accept it as soon as possible and cover any damages made by it, before it becomes "big news". 4 mill is probably nothing in the big picture for them. It could be much more if it becomes "ugly".


How are double spend and 51% attack related?


They are not.

Double spend is when the code does not verify transactions properly, allowing the same tokens to be used two or more times. In this case, it appears a transaction was sent to Binance, a new copy of that transaction was sent with higher gas fees, and Binance should have verified the transaction as the same but instead it considered them as unique, but somehow didn't verify it was valid.

A 51% is when you own enough of the network to take control and do whatever you choose to do.

The situation I wrote about is bad validation code causing a local balance error (on Binance's own wallet).


Ah ok. Isn't the double spend as simple as each transaction having a different hash? Why is it so complicated to get right?


How does this relate to you? Stupid! Low Ability Mark, ALWAYS!


HAH. Centralized garbage exchange doing garbage things.. Imagine that.

Fuck binance.


FILECOIN is trash, a VC moneygrab...


I hope there is a knee jerk reaction from Grayscale Financial.


Binance has really started to piss me off ever since the steem drama first came up... I don't have a final opinion yet, but I am not happy with the lack of leadership going on there, not to blame the CEO himself, but someone needs to be a director around there and get those lead roles the fuck in gear.


What a useful and informative post @themarkymark. I have heard about Filecoin, but have not yet done much of my own research into it. This incident is a bit of a concern though and does make me think twice about Filecoin.


In a bear market, things like that don't happen :D


FILECOIN seemed like a good project to me, but this event makes me change my mind a bit
