Major Security Flaws Threaten Deployment of EOS Mainnet
With just four days before the anticipated release of the EOS mainnet, major security flaws are threatening the hype around the widely-hailed smart contract platform.
Chinese cybersecurity firm Qihoo360 released a report this morning outlining their discovery of “epic vulnerabilities” in the EOS code base. These vulnerabilities would enable bad actors to create and distribute malicious smart contracts to the entire EOS network. The severity of the security flaw cannot be overstated, as a quote from a blog post by the company reads:
“The attacker can steal the private key of super nodes or control content of new blocks. What’s more, attackers can pack the malicious contract into a new block and publish it. As a result, all the full nodes in the entire network will be controlled by the attacker.”
If this statement is accurate, nodes of wallets and exchanges would be susceptible to manipulation and theft.
Now the question is: will today’s news force EOS to delay the deployment of its mainnet?
Although EOS hasn’t released an official statement on the matter, it seems the company is taking swift action to correct the issue. Correspondence between EOS lead developer Daniel Larimer and the Chinese firm, published in Qihoo360’s blog post, indicates that the problem has been resolved. However, Larimer also announced a bounty program on Twitter that awards $10,000 to any party successful in finding more vulnerabilities.
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
— Daniel Larimer (@bytemaster7) May 28, 2018
Although the bounty program is proactive in its attempt to resolve potential future issues, it also epitomizes the troubling nature of the findings. EOS is the fifth-largest cryptocurrency in the world and it intends to compete with Ethereum as the dominant decentralized application (DApp) platform in the space. With the launch only days away, it is natural that concerns about the security and efficacy of the platform would arise.
Perhaps in response to the unsavory news, EOS is the noticeable laggard in an otherwise green market. The price of EOS dipped to an intraday low of $10.93 before ultimately recovering to roughly $12 at the time of this writing, with $1.9 billion in 24-hour trading volume.
You can stay up-to-date on the evolving situation here
ABOUT THE AUTHOR
Richard is a blockchain investor who loves health/wellness, backpacking, social entrepreneurship, and DC sports.
He is the in-house skeptic of many altcoins but is very bullish on blockchain and Bitcoin.