ERC-20 Smartmesh BatchOverflow Bug: What Happened? How did Exchanges Handle it?

in #ethereum, 6 years ago (edited)

Two days ago, exchanges across the crypto community suspended ERC-20 token transactions because of the BatchOverflow Bug. Huobi Pro, OKex, Poloniex, Changelly, Quoine and HitBTC all halted ERC-20 token transactions.

The BatchOverflow Bug could have allowed an attacker to gain large amounts of ERC-20 tokens from token contracts that used “BatchTransfer”. Luckily, not many contracts used “BatchTransfer”. The bug was first found by PeckShield during a scan for overly large token transfers, which turned up an enormous transfer of MESH tokens. Another large transfer, of the SMT (Smartmesh) token, was found shortly after the first one was discovered. That transfer contained 65 octodecillion SMT tokens, which is 65 × 10^57 (57 zeros after the 65). BeautyChain (BEC) experienced a transfer of 57.9 octodecillion tokens.

Some of the ERC-20 tokens that have been found to be affected by the BatchOverflow Bug are: MESH, PROPY, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token, BEC, and CNYTokenPlus.

Huobi Pro was one of the first exchanges to take action. It issued a notice suspending all transactions for all coins, a pre-emptive measure to ensure that no tokens were fraudulently traded for other cryptocurrencies like BTC or ETH. Huobi Pro’s automated system detected all abnormal deposits and did not credit them to user accounts. After Huobi Pro determined that the exchange was safe from such deposits, it narrowed the suspension to ERC-20 related transactions only. Approximately 27 hours after the initial transaction suspension, Huobi Pro resumed deposits and withdrawals of all ERC-20 tokens except for Propy (PROPY) and Smartmesh (SMT).
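
The kind of check described above (a scan for abnormally large transfers, and a deposit system that withholds credit for them) can be sketched as follows. This is an added example, not PeckShield's or Huobi Pro's code: it decodes raw ERC-20 Transfer logs and flags any amount above the token's total supply. The log layout (the fields an Ethereum node returns for event logs), the supply snapshot and every sample value are assumptions constructed for illustration.

```python
# Added example (not from the original post). All addresses, hashes and
# amounts in SAMPLE_LOGS are constructed for illustration.

# keccak256("Transfer(address,address,uint256)"), the ERC-20 Transfer event id
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

def decode_transfer(log):
    """Decode a raw ERC-20 Transfer log; return None for anything else."""
    topics = log.get("topics", [])
    # ERC-20 Transfer: event id + indexed from + indexed to (3 topics).
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None
    data = log.get("data", "")
    if len(data) != 66:  # "0x" + one 32-byte uint256 word
        return None
    return {"token": log["address"].lower(),
            "from": "0x" + topics[1][-40:].lower(),
            "to": "0x" + topics[2][-40:].lower(),
            "value": int(data, 16),
            "tx": log.get("transactionHash")}

def abnormal_transfers(logs, total_supply):
    """Return transfers of monitored tokens that move more than the supply.

    total_supply (assumption): token address -> supply in base units,
    snapshotted before the logs being scanned.
    """
    flagged = []
    for log in logs:
        t = decode_transfer(log)
        if t and t["token"] in total_supply and t["value"] > total_supply[t["token"]]:
            flagged.append(t)
    return flagged

def _log(token, sender, to, value, tx, topic0=TRANSFER_TOPIC):
    pad = lambda addr: "0x" + "00" * 12 + addr[2:]
    return {"address": token, "topics": [topic0, pad(sender), pad(to)],
            "data": "0x" + format(value, "064x"), "transactionHash": tx}

TOKEN = "0x" + "11" * 20                    # constructed token contract
A, B = "0x" + "aa" * 20, "0x" + "bb" * 20   # constructed accounts
SUPPLY = {TOKEN: 7_000_000_000 * 10**18}    # constructed supply, 18 decimals
SAMPLE_LOGS = [
    _log(TOKEN, A, B, 1_000 * 10**18, "0x01"),               # ordinary transfer
    _log(TOKEN, A, B, 2**255, "0x02"),                       # far above supply
    _log(TOKEN, A, B, 2**255, "0x03", "0x" + "00" * 32),     # not a Transfer event
]

if __name__ == "__main__":
    for t in abnormal_transfers(SAMPLE_LOGS, SUPPLY):
        print(t["tx"], t["to"], t["value"])
```

A deposit pipeline would hold any flagged transfer for manual review instead of crediting it, which matches the behaviour the post attributes to Huobi Pro's automated system.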

Link to Huobi Pro: http://bit.ly/2JtYwJJ