EOS devs scramble to fix major flaws ahead of mainnet launch
The countdown timer had already begun to the launch of the EOS mainnet, but those plans might need to be put on hold. A computer security research company has uncovered what it dubbed “a series of epic vulnerabilities.” The flaws are so egregious that a hacker could have exploited the bug and taken control of the entire network.
A report (in Chinese) released by Qihoo 360, the Chinese firm that uncovered the issues, indicated that flaws were found that, if left uncorrected, would expose entire nodes on the network to attacks. The hackers would have unfettered access to execute code and manipulate all transactions. Qihoo 360 added that an exploitation of the bugs has the potential to bring down the entire cryptocurrency network.
Through the vulnerabilities, hackers can attack the network through the construction and publication of smart contracts that contain malicious code. This code would then be picked up by EOS supernodes and packed into blocks to be propagated across the entire network. The code then affects all nodes, including exchanges and cryptocurrency wallets. Subsequently, the hackers would have access to all private cryptocurrency transaction keys.
Qihoo 360 researchers reached out to Daniel Larimer, the lead developer for EOS. Larimer has said that the vulnerabilities have been addressed and won’t pose any problems. On Github, Larimer said, “If any of these asserts trigger in release it shouldn’t pass, but should throw. Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere.”
Larimer has reached out to the cryptocurrency community, providing a monetary incentive for help in identifying issues. On Twitter, Larimer promised “$10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts.”
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
— Daniel Larimer (@bytemaster7) May 28, 2018
EOS is expected to launch its mainnet on June 2. The move would be a giant step forward for the digital currency. After the mainnet is launched, EOS will no longer be an ERC20-based token and it will be off the Ethereum blockchain. Despite the reassurances by Larimer, additional due diligence is warranted prior to any launch.
After news first broke about the issues, the price of EOS dropped by almost 11%.It dipped to $10.93 before correcting to $12.49. The price currently sits just a little south of its most recent high and trading volume has been steady at around $1.5 billion.
To receive the latest CoinGeek.com news, special discounts on CoinGeek Conferences and other inside information direct to your inbox, please sign up for our mailing list.