This article does not mention Storj but since it has 7772 tokens involved, I thought to post it, in case its helpful.
2 Likes
It’s important to note that the above malicious attack is stealing tokens from exchanges, not from individual personally controlled wallets. So, STORJ sitting in SNO wallets are as safe as can be expected and not affected by this issue… except in a secondary way if the value falls due to an exchange being successfully attacked.
For detailed reading… Here’s the research paper on the attack:
3 Likes
This was my concern too since many SNOs sell their Storj every month.
1 Like
Good call on sharing that! Hopefully exchanges are very quick in correcting the problem and honoring false return values from transfer and transferFrom. I would suppose that doing so ought to be pretty trivial for them, but there might be complications we don’t know about.
I read the paper and reviewed the Storj token contract carefully ( https://etherscan.io/address/0xb64ef51c888972c908cfacf59b47c1afbc0ab8ac#code ). As far as I can see, it has implemented transfer and transferFrom correctly as recommended by ERC-20/EIP-20. Any insufficient-balance problem will manifest as a throw from safeSub(), rather than a return value of false. If you compare it with the contract for BAT (which is mentioned specifically as a contract that does have the problem) you can see the difference. So I think the Storj token is entirely safe from the classes of attack described in the research paper. (I’m not an expert in Ethereum contracts, this is not a guarantee of safety, the token might suffer from other vulnerabilities other than those described in the paper, etc.)
But the Storj token appears to be safe from these attacks.
6 Likes