Ethereum Alarm Clock's smart contract is being targeted by exploiters

Quick Take

  • An exploited Ethereum Alarm Clock smart contract has allowed exploiters to take advantage of a gas refund bug.
  • Blockchain security and analytics company Peckshield first reported the exploit Wednesday.

An exploited Ethereum Alarm Clock contract has allowed exploiters to receive more ETH-denominated refunds than intended.

Ethereum Alarm Clock is a protocol that allows users to schedule future Ethereum transactions. The transaction scheduling logic it uses occurs in smart contracts.

Blockchain security and analytics company Peckshield reported the ongoing exploit earlier this morning.

Under the exploit, the attacker first calls a cancel() function on the Ethereum Alarm Clock contract with an abnormally high transaction fee. The exploit occurs in the following step, where the transaction fee refund is calculated too high, paying out a higher value than intended.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The end result gives the exploiter a much higher ETH refund because of the higher transaction fee that they set. Under normal circumstances, the user calling the contract would receive back only slightly more than what their transaction fee was, according to The Block Research's Igor Igamberdiev.

This is a developing story.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Mike is a reporter on the crypto ecosystems team who specializes in zero-knowledge proofs and applications. Prior to joining The Block, Mike worked with Circle, Blocknative, and various DeFi protocols on growth and strategy.