An EOS vulnerability was discovered that could have delayed the EOS mainnet launch.
The 360 Vulcan team from Qihoo 360, a Chinese internet security firm, discovered the vulnerability and reported it to the EOS team so that it could take immediate action. The 360 Vulcan team released a report (English version) detailing what they had discovered.
The EOS Vulnerability
In short, the EOS vulnerability would allow an attacker to build a smart contract with malicious code and infiltrate the EOS mainnet with it. EOS supernodes, unaware that the smart contract is malicious, would put it into all new EOS blocks. The malicious code would then spread to all nodes on the network and wreak havoc, giving the attacker full control of the entire network.
With full control of the EOS network, the attacker would have access to all data. They would be able to steal private keys, control transactions, and infiltrate wallets and exchanges.
“The series of new security vulnerabilities discovered by the 360 security team in the smart contract virtual machine on the EOS platform is a series of unprecedented security risks. Security researchers have not found such problems before. This type of security issue affects not only EOS but also other types of blockchain platforms and virtual currency applications,” the report stated.
The report also expressed hope that this discovery would lead to enhanced security of the entire blockchain network, not just of EOS, but of all blockchain projects out there.
EOS Takes Action
Qihoo 360 quickly reported the issues they had discovered to Dan Larimer and the EOS team. The 360 report states, “The person in charge of the EOS network said that the EOS network will not be officially launched until these issues are fixed.”
Does this mean a delay for the EOS mainnet launch? Luckily, no. After being notified of the EOS vulnerability, the EOS team quickly got to work on resolving it.
According to another report released by the 360 team, the issues have now been fixed. Although EOS has yet to comment publicly on the matter, the resolved EOS vulnerability is confirmed on GitHub as well.
Dan Larimer has also tweeted from his personal account asking for community help in finding any other potential vulnerabilities with EOS:
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
— Daniel Larimer (@bytemaster7) May 28, 2018
EOS is currently selling for $11.96, which puts the coin down 1.90% in the past 24 hours.
EOS’s price dropped as low as $10.93 today, but the coin now looks to be recovering somewhat from its vulnerability scare.