Major Security Flaws Threaten Deployment of EOS Mainnet

With just four days remaining before the anticipated release of the EOS mainnet, major security flaws are threatening the hype around the widely hailed smart contract platform.
Chinese cybersecurity firm Qihoo360 released a report this morning outlining its discovery of “epic vulnerabilities” in the EOS code base. These vulnerabilities would enable bad actors to create and distribute malicious smart contracts to the entire EOS network. The severity of the security flaw cannot be overstated. A blog post by the company reads:
“The attacker can steal the private key of super nodes or control content of new blocks. What’s more, attackers can pack the malicious contract into a new block and publish it. As a result, all the full nodes in the entire network will be controlled by the attacker.”
If this statement is accurate, nodes of wallets and exchanges would be susceptible to manipulation and theft.
Now the question is: will today’s news force EOS to delay the deployment of its mainnet?
Although EOS hasn’t released an official statement on the matter, it seems the company is taking swift action to correct the issue. Correspondence between EOS lead developer Daniel Larimer and the Chinese firm, published in Qihoo360’s blog post, indicates that the problem has been resolved. Larimer also announced a bounty program on Twitter that awards $10,000 to any party successful in finding more vulnerabilities.
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
— Daniel Larimer (@bytemaster7) May 28, 2018
Although the bounty program is proactive in its attempt to resolve potential future issues, it also epitomizes the troubling nature of the findings. EOS is the fifth-largest cryptocurrency in the world and it intends to compete with Ethereum as the dominant decentralized application (DApp) platform in the space. With the launch only days away, it is natural that concerns about the security and efficacy of the platform would arise.
Perhaps in response to the unsavory news, EOS is the noticeable laggard in an otherwise green market. The price of EOS dipped to an intraday low of $10.93 before ultimately recovering to roughly $12 at the time of this writing, with $1.9 billion in 24-hour trading volume.
ABOUT THE AUTHOR
Richard is a blockchain investor who loves health/wellness, backpacking, social entrepreneurship, and DC sports.
He is the in-house skeptic of many altcoins but is very bullish on blockchain and Bitcoin.