EOS Still Patching ‘Epic Vulnerabilities’ Just Days Ahead of Launch

Highly-anticipated blockchain project EOS is just days away from its scheduled production release, but its development team is still patching what security researchers have described as “epic vulnerabilities” present in its codebase.

China-based cybersecurity firm Qihoo 360 on Tuesday reported that it had identified security flaws that would allow attackers to use a malicious smart contract to gain control of “all nodes of the EOS network” and manipulate transactions at will. The attacker could also turn those nodes into a de facto botnet, which they could then use to mine another cryptocurrency network or even launch a cyber attack.

From the report:

“The attacker can steal the private key of super nodes or control content of new blocks. What’s more, attackers can pack the malicious contract into a new block and publish it. As a result, all the full nodes in the entire network will be controlled by the attacker.”

The disclosure of the vulnerability immediately raised questions about whether EOS would ship its code in early June as scheduled.

EOS creator Block.one has not yet addressed the issue publicly and did not immediately respond to a request for comment. However, Qihoo 360 published screenshots indicating that its team was in contact with EOS lead developer Daniel Larimer, who quickly patched the issue on GitHub.

He wrote:

“If any of these asserts trigger in release it shouldn't pass, but should throw. Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere.”
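The failure mode that comment describes, as an added C++ sketch (not EOS code and not from the report): a bounds check written as `assert()` disappears when `NDEBUG` is defined, as it is in a typical release build, while an explicit check that throws stays in place. The `Arena` type, the table sizes and all function names are hypothetical.

```cpp
// Added illustration, not EOS code: all names here are hypothetical.
#define NDEBUG              // simulate a release build: assert() expands to nothing
#include <cassert>
#include <array>
#include <cstddef>
#include <cstdio>
#include <stdexcept>

constexpr std::size_t TABLE_LEN = 4;  // logical table: slots 0..3
constexpr std::size_t ARENA_LEN = 8;  // slots 4..7 stand in for adjacent state

struct Arena { std::array<int, ARENA_LEN> slot{}; };  // zero-initialised

// Debug-only check: under NDEBUG nothing rejects idx >= TABLE_LEN.
// .at() keeps the demo itself within defined behaviour.
void store_assert_only(Arena& a, std::size_t idx, int value) {
    assert(idx < TABLE_LEN);
    a.slot.at(idx) = value;
}

// Always-on check: throw instead of continuing with a bad index.
void store_checked(Arena& a, std::size_t idx, int value) {
    if (idx >= TABLE_LEN) throw std::out_of_range("table index out of range");
    a.slot[idx] = value;
}

bool adjacent_state_corrupted(const Arena& a) {
    for (std::size_t i = TABLE_LEN; i < ARENA_LEN; ++i)
        if (a.slot[i] != 0) return true;
    return false;
}

// True if the store function refused the write by throwing.
bool rejected(void (*store)(Arena&, std::size_t, int), Arena& a, std::size_t idx, int v) {
    try { store(a, idx, v); } catch (const std::out_of_range&) { return true; }
    return false;
}

int main() {
    Arena a, b;
    bool r1 = rejected(store_assert_only, a, 5, 0x41);
    bool r2 = rejected(store_checked, b, 5, 0x41);
    std::printf("assert-only: rejected=%d corrupted=%d\n", r1, adjacent_state_corrupted(a));
    std::printf("always-on:   rejected=%d corrupted=%d\n", r2, adjacent_state_corrupted(b));
    return 0;
}

#undef NDEBUG               // restore assert() for any code that follows
#include <cassert>
```

With the assert compiled out, the out-of-range index is accepted and the write lands in the slots next to the table; the throwing version rejects the same input and leaves them untouched.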

Meanwhile, Larimer has announced a bug bounty to help developers patch any remaining vulnerabilities before the software’s 1.0 release. Researchers can receive $10,000 awards for each unique bug that “can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts.”

The EOS price entered a sharp decline following the disclosure of the vulnerability, though it has regained some of that lost ground in the hours since Larimer released a patch. At present, EOS is trading at a global average of $11.96, which represents a one percent decline against USD but a four percent decline against ETH.


Josiah Wilmoth @Y3llowb1ackbird

Josiah is the US Editor at CCN, where he focuses on financial markets and cryptocurrencies. He has written over 2,000 articles since joining CCN in 2014. His work has also been featured on ZeroHedge, Yahoo Finance, and Investing.com. He holds bitcoin, but does not engage in day trading. He lives in rural Virginia. Follow him on Twitter @y3llowb1ackbird or email him directly at josiah.wilmoth(at)ccn.com.
