Author Topic: BEC and SMT’s Smart Contract Security Loopholes Analysis —By Yee Blockchain Team  (Read 66 times)
YeeToken (OP)
April 25, 2018, 07:53:59 AM
Last edit: April 25, 2018, 08:15:11 AM by YeeToken

Recently, the exposure of BEC and SMT’s smart contract security loopholes has panicked a lot of blockchain practitioners. Let's have a look at the "crime scene" first.


Using the BEC loophole to create a huge amount of tokens


Using the SMT loophole to create a huge amount of tokens

Upon the exposure, the Yee team checked BEC and SMT’s smart contract code immediately, and found that BEC’s smart contract security loophole is due to data overflow in BatchTransfer, and SMT’s smart contract security loophole is caused by the lack of protection for large numbers in the proxy transfer logic, resulting in the overflow of large numbers. The root cause of these two problems is that the SafeMath library is not used, and ordinary addition, subtraction, multiplication and division are used instead.

For example, in the BEC loophole, this multiplication does not use library SafeMath. Instead, it uses "*", which causes data overflow.



By the same token, the error code of SMT's smart contract does not use the official library SafeMath, but uses the ordinary "+" instead, which leads to large numbers lacking protections in the proxy transfer logic, resulting in the overflow of large numbers.



The correct way is to use the library SafeMath function as our code does to complete the smart contract code, which can ensure the security and stability of the smart contract code.



Currently, many of the exposed loopholes are due to the direct use of ordinary addition, subtraction, multiplication, and division, and lack of overflow judgment, which poses the data overflow risk. However, the use of library SafeMath can completely solve the problem of data overflow. Hence, the solution is simple: look through the smart contract code, and replace "+" "-" "*" "/" with library SafeMath. This can completely solve the problem of data overflow.

Here, Yee also hopes that all blockchain practitioners could pay more attention to the technical level while attending meetings and enhancing media exposure. Only safe technologies can guarantee the normal operation of blockchain products and enable more people to enjoy the various services brought by the blockchain.

The Yee application YeeCall itself faces enormous technical challenges. We have built a global communications network with 5 data centers and more than 400 relay nodes, and this network was once called the "Last Mile" of the global communications network by AWS and Telstra. In order to solve the complex environment and ultra multi-terminal support problems in mobile-end communications, our technical team kept coding day and night and managed to develop a communication protocol that completely possesses independent intellectual property rights, and we also creatively used artificial intelligence to solve the noise elimination problem. All of these serve the same goal: to give YeeCall users a better user experience and let them communicate more closely with family and friends.

We love technology and embrace the blockchain. We also welcome talents in Java, server, Android, iOS, and blockchain technology fields to join the Yee team and create a better future for the blockchain. If you’re interested in joining us, please contact us at: dream@yeecall.com
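
The overflow described in the post above and the SafeMath fix it recommends, as an added example that is not part of the original post and is not the BEC, SMT or Yee contract code. It is a constructed Solidity 0.4.x token (the names `BatchToken`, `batchTransferUnchecked` and `batchTransfer` are assumptions) showing an unchecked "*" beside the checked form.

```solidity
pragma solidity ^0.4.24;

// Added illustration: constructed contract, not the BEC, SMT or Yee source.
library SafeMath {
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b);   // reverts if the product wrapped past 2**256 - 1
        return c;
    }
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);       // reverts if the sum wrapped
        return c;
    }
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);       // reverts instead of wrapping below zero
        return a - b;
    }
}

contract BatchToken {
    using SafeMath for uint256;
    mapping(address => uint256) public balances;

    constructor(uint256 supply) public { balances[msg.sender] = supply; }

    // Weak form: "*" wraps silently, so `total` can be smaller than the sum
    // credited in the loop and the balance check stops protecting the supply.
    function batchTransferUnchecked(address[] to, uint256 value) public returns (bool) {
        uint256 total = to.length * value;
        require(balances[msg.sender] >= total);
        balances[msg.sender] -= total;
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += value;
        }
        return true;
    }

    // Corrected form: every arithmetic step uses SafeMath and reverts on overflow.
    function batchTransfer(address[] to, uint256 value) public returns (bool) {
        uint256 total = SafeMath.mul(to.length, value);
        balances[msg.sender] = balances[msg.sender].sub(total);
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] = balances[to[i]].add(value);
        }
        return true;
    }
}
```

Solidity 0.8 and later revert on overflow by default, so the unchecked form only compiles to wrapping arithmetic on older compilers or inside an `unchecked` block.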
