Major Security Flaws Threaten Deployment of EOS Mainnet

With just four days before the anticipated release of the EOS mainnet, major security flaws are threatening the hype around the widely-hailed smart contract platform.

Chinese cybersecurity firm Qihoo360 released a report this morning outlining their discovery of “epic vulnerabilities” in the EOS code base. These vulnerabilities would enable bad actors to create and distribute malicious smart contracts to the entire EOS network. The severity of the security flaw cannot be understated, as a quote from a blog post by the company reads:

“The attacker can steal the private key of super nodes or control content of new blocks. What’s more, attackers can pack the malicious contract into a new block and publish it. As a result, all the full nodes in the entire network will be controlled by the attacker.”

If this statement is accurate, nodes of wallets and exchanges would be susceptible to manipulation and theft.

Now the question is: will today’s news force EOS to delay the deployment of its mainnet?

Although EOS hasn’t released an official statement on the matter, it seems the company is taking swift action to correct the issue. A published correspondence in Qihoo360’s blog post between EOS lead developer Daniel Larimer and the Chinese agency indicates that the problem has been resolved. However, Larimer announced a bounty program on Twitter that awards $10,000 to any party successful in finding more vulnerabilities.

Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.

— Daniel Larimer (@bytemaster7) May 28, 2018

Although the bounty program is proactive in its attempt to resolve potential future issues, it also epitomizes the troubling nature of the findings. EOS is the fifth-largest cryptocurrency in the world and it intends to compete with Ethereum as the dominant decentralized application (DApp) platform in the space. With the launch only days away, it is natural that concerns about the security and efficacy of the platform would arise.

Perhaps in response to the unsavory news, EOS is the noticeable laggard in an otherwise green market. The price of EOS dipped to an inter-day low of $10.93 before ultimately recovering to roughly $12 at the time of this writing with $1.9 billion in 24/hr trading volume.

You can stay up-to-date on the evolving situation here