Tech 30 May 2018

Erik Gibbs

EOS devs scramble to fix major flaws ahead of mainnet launch

The countdown timer had already begun to the launch of the EOS mainnet, but those plans might need to be put on hold. A computer security research company has uncovered what it dubbed “a series of epic vulnerabilities.” The flaws are so egregious that a hacker could have exploited the bug and taken control of the entire network.

A report (in Chinese) released by Qihoo 360, the Chinese firm that uncovered the issues, indicated that flaws were found that, if left uncorrected, would expose entire nodes on the network to attacks. The hackers would have unfettered access to execute code and manipulate all transactions. Qihoo 360 added that an exploitation of the bugs has the potential to bring down the entire cryptocurrency network.

Through the vulnerabilities, hackers can attack the network through the construction and publication of smart contracts that contain malicious code. This code would then be picked up by EOS supernodes and packed into blocks to be propagated across the entire network. The code then affects all nodes, including exchanges and cryptocurrency wallets. Subsequently, the hackers would have access to all private cryptocurrency transaction keys.

Qihoo 360 researchers reached out to Daniel Larimer, the lead developer for EOS.  Larimer has said that the vulnerabilities have been addressed and won’t pose any problems. On Github, Larimer said, “If any of these asserts trigger in release it shouldn’t pass, but should throw. Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere.”

Larimer has reached out to the cryptocurrency community, providing a monetary incentive for help in identifying issues. On Twitter, Larimer promised “$10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts.”

EOS is expected to launch its mainnet on June 2. The move would be a giant step forward for the digital currency. After the mainnet is launched, EOS will no longer be an ERC20-based token and it will be off the Ethereum blockchain. Despite the reassurances by Larimer, additional due diligence is warranted prior to any launch.

After news first broke about the issues, the price of EOS dropped by almost 11%.It dipped to $10.93 before correcting to $12.49. The price currently sits just a little south of its most recent high and trading volume has been steady at around $1.5 billion.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof

Tech 22 March 2019

Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof

CipherBlade, a blockchain investigation firm, has concluded that the Wall Street Journal (WSJ) has overstated its previous claims about the cryptocurrency exchange ShapeShift.

Read More
Unwriter announces Bottle, a Bitcoin browser

Tech 22 March 2019

Unwriter announces Bottle, a Bitcoin browser

Looking to find a way out of the world wide web, Unwriter has released Bottle, a new browser exclusively for the Bitcoin SV network.

Read More
Money Button CEO: How to upload large files to Bitcoin SV blockchain

Tech 22 March 2019

Money Button CEO: How to upload large files to Bitcoin SV blockchain

OP_Return has a 100KB upload limit, but Ryan X Charles will show you how you can upload much larger files with a new tool from Money Button.

Read More