Non-custodial exchange DeversiFi – whose wallet was involved in the Ethereum (ETH) transaction that cost USD 23.5m – explained what happened.
Per the report, “underlying issues in the EthereumJS (JavaScript) library coinciding with gas fee changes associated with the EIP-1559 upgrade in some circumstances can lead to transactions with extremely high fees.”
Furthermore, Ledger hardware wallets may display fees in a non-human readable manner.
They added that only wallets with a “very large quantity of funds” would be impacted, while the rest would see a failed transaction.
During their investigation into the root cause, the team performed mock deposits using Ledgers so as to replicate the problem. They found that “when the gas and priority fees were calculated and then converted into a big number object. Since the last few blocks are used to predict priority fees, the calculation could result in a decimal figure.” The EthereumJS library does not support decimal values, so this would normally lead to an error – but “since the value was converted to a buffer first no error handling was triggered.”
As an example, they cited passing a value of 33974230439.550003, which would be set as the integer 35624562649959629 – potentially six orders of magnitude higher than intended.
“DeversiFi is actively engaging with both the Ethereum community and Ledger to patch issues that may have contributed to this occurrence,” the report said, adding that: “EIP-1559 does not protect against accidental overspending.”
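One way to guard against both points above (a fractional fee reaching serialization, and the lack of any overspending protection in EIP-1559) is to validate fee fields before signing. The following is an added example, not code from DeversiFi or EthereumJS; the names `toWei`, `checkedFees` and `MAX_TOTAL_FEE_WEI`, and the 1 ETH cap, are assumptions chosen for illustration.

```javascript
// Added example; toWei, checkedFees and MAX_TOTAL_FEE_WEI are hypothetical names.
const MAX_TOTAL_FEE_WEI = 10n ** 18n; // constructed policy cap: 1 ETH per transaction

// Turn a fee estimate into an exact integer number of wei (BigInt).
// A fractional input is an error unless the caller names a rounding mode,
// so a decimal can never reach hex/buffer encoding unnoticed.
function toWei(value, round) {
  if (typeof value === "bigint") {
    if (value < 0n) throw new RangeError("negative fee");
    return value;
  }
  if (typeof value !== "number" || !Number.isFinite(value) || value < 0) {
    throw new TypeError("fee must be a finite, non-negative number or BigInt");
  }
  if (!Number.isInteger(value)) {
    if (round === "ceil") value = Math.ceil(value);
    else if (round === "floor") value = Math.floor(value);
    else throw new RangeError("fractional wei value: " + value);
  }
  if (!Number.isSafeInteger(value)) {
    throw new RangeError("above 2^53 - 1, precision already lost; pass a BigInt");
  }
  return BigInt(value);
}

// Validate the EIP-1559 fee fields and bound the worst-case cost
// (gasLimit * maxFeePerGas) before anything is handed to a signer.
function checkedFees({ maxFeePerGas, maxPriorityFeePerGas, gasLimit }, cap = MAX_TOTAL_FEE_WEI) {
  const fee = toWei(maxFeePerGas, "ceil");
  const tip = toWei(maxPriorityFeePerGas, "ceil");
  const gas = toWei(gasLimit); // the gas limit must already be an integer
  if (tip > fee) throw new RangeError("priority fee exceeds max fee");
  const worstCase = fee * gas;
  if (worstCase > cap) {
    throw new RangeError("worst-case fee " + worstCase + " wei exceeds cap " + cap);
  }
  return { maxFeePerGas: fee, maxPriorityFeePerGas: tip, gasLimit: gas, worstCase };
}

// Constructed input: the fractional priority fee quoted in the report,
// with a constructed 60 gwei max fee and a 21000 gas limit.
const ok = checkedFees({ maxFeePerGas: 60e9, maxPriorityFeePerGas: 33974230439.550003, gasLimit: 21000 });
console.log(ok.maxPriorityFeePerGas, ok.worstCase);
```

With these checks, the inflated integer from the report is rejected by the cap rather than signed, and a fractional value is either rounded explicitly or refused.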
As reported, crypto exchange Bitfinex paid USD 23.5m (ETH 7,676.61) in transaction fees for a transfer of close to USD 100,000 in tether (USDT) via the Ethereum network. A day later, the miner of that block returned all the funds, minus ETH 50 given as a return fee.
Rotkiapp founder Lefteris Karapetsas described reading this postmortem as “horrifying.” “The fact that this can happen shows how broken crypto UX [user experience] and priorities are,” he said.
Also super cool of the miner to return the funds, minus a reward for being cool.
They had absolutely no obligation or need to do so. Huge huge huge kudos!
— Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP) September 29, 2021
Source: Cryptonews