Major Security Flaws Threaten Deployment of EOS Mainnet
With just four days before the anticipated release of the EOS mainnet, major security flaws are threatening the hype around the widely-hailed smart contract platform.
Chinese cybersecurity firm Qihoo360 released a report this morning outlining their discovery of “epic vulnerabilities” in the EOS code base. These vulnerabilities would enable bad actors to create and distribute malicious smart contracts to the entire EOS network. The severity of the security flaw cannot be understated, as a quote from a blog post by the company reads:
“The attacker can steal the private key of super nodes or control content of new blocks. What’s more, attackers can pack the malicious contract into a new block and publish it. As a result, all the full nodes in the entire network will be controlled by the attacker.”
If this statement is accurate, nodes of wallets and exchanges would be susceptible to manipulation and theft.
Now the question is: will today’s news force EOS to delay the deployment of its mainnet?
Although EOS hasn’t released an official statement on the matter, it seems the company is taking swift action to correct the issue. A published correspondence in Qihoo360’s blog post between EOS lead developer Daniel Larimer and the Chinese agency indicates that the problem has been resolved. However, Larimer announced a bounty program on Twitter that awards $10,000 to any party successful in finding more vulnerabilities.
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
— Daniel Larimer (@bytemaster7) May 28, 2018
Although the bounty program is proactive in its attempt to resolve potential future issues, it also epitomizes the troubling nature of the findings. EOS is the fifth-largest cryptocurrency in the world and it intends to compete with Ethereum as the dominant decentralized application (DApp) platform in the space. With the launch only days away, it is natural that concerns about the security and efficacy of the platform would arise.
Perhaps in response to the unsavory news, EOS is the noticeable laggard in an otherwise green market. The price of EOS dipped to an inter-day low of $10.93 before ultimately recovering to roughly $12 at the time of this writing with $1.9 billion in 24/hr trading volume.
You can stay up-to-date on the evolving situation here
Cobinhood – A Zero Trading Fee Cryptocurrency Exchange Say hello to Cobinhood, a cryptocurrency exchange that charges zero fees for trading. Yes, you heard that right, zero! With a cheeky take on the Robinhood theme, Cobinhood has decided to move in…
Bitcoin has radically changed the payment model for worldwide transactions. So far in 2018, the number of transactions has ranged between the 150 000 and 400 000 per day level. But now, as more and more people worldwide start using…
A number of leading businessmen and economists have questioned the need for cryptographic currencies over traditional fiat (paper) ones. Bitcoin, the first decentralized cryptocurrency, was largely created as a response to and rose to popularity as a result of the…
ABOUT THE AUTHOR
ABOUT THE AUTHOR
Richard is a blockchain investor who loves health/wellness, backpacking, social entrepreneurship, and DC sports.
He is the in-house skeptic of many altcoins but is very bullish on blockchain and Bitcoin.