Ethereum Alarm Clock's smart contract is being targeted by exploiters

Quick Take

  • A gas refund bug in an Ethereum Alarm Clock smart contract is being used by exploiters.
  • Blockchain security and analytics company PeckShield first reported the exploit Wednesday.

Exploiters are using a bug in an Ethereum Alarm Clock contract to receive larger ETH-denominated refunds than intended.

Ethereum Alarm Clock is a protocol that allows users to schedule future Ethereum transactions. Its transaction scheduling logic is implemented in smart contracts.

Blockchain security and analytics company PeckShield reported the ongoing exploit earlier this morning.

In the exploit, the attacker first calls the cancel() function on the Ethereum Alarm Clock contract with an abnormally high transaction fee. The flaw lies in the following step, where the transaction fee refund is overcalculated, so the contract pays out a higher value than intended.

The end result gives the exploiter a much higher ETH refund because of the higher transaction fee that they set. Under normal circumstances, the user calling the contract would receive back only slightly more than what their transaction fee was, according to The Block Research's Igor Igamberdiev.

This is a developing story.


© 2023 The Block. All Rights Reserved.