The internet has been abuzz with news of vulnerabilities discovered in the EOS (EOS) platform ahead of the MainNet launch on the 2nd of June. The discoveries were made by the China-based internet security firm Qihoo 360, which later notified the EOS project members of what the firm considered ‘epic vulnerabilities’.
The vulnerabilities were relayed to the EOS team early this morning, with Qihoo 360 highlighting that rogue attackers can use a malicious smart contract to gain control of all the nodes in the network. From there, the attacker will probably manipulate transactions at will and cash out. The attacker was also noted as being capable of using the nodes as a botnet to mine another cryptocurrency or even launch a full-blown cyber attack.
The report states the following:
Due to the decentralized computing characteristics of blockchain networks, a security vulnerability in the implementation of a blockchain node may cause thousands of nodes to be attacked. Even a denial-of-service vulnerability that is considered to be relatively harmless in the area of traditional software vulnerabilities may trigger storm attacks on the entire network in a blockchain network, causing a huge impact on the entire digital currency system.
The report goes on to explain how the attacker can do whatever he wants once he has access to the EOS super node, including gathering information on the EOS users’ keys, profiles, private data and more.
The question now is, with such vulnerabilities identified, will the EOS team still be able to launch the MainNet on time, or will they postpone the launch?
The team at EOS has even announced a bug bounty program via Twitter through team member Daniel Larimer, who posted the following just 16 hours ago:
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
The crypto market has had a knee-jerk reaction to the news, with EOS trading at $11.63 at the moment of writing, down 2.82% in 24 hours. The token had bottomed at $10.94 this morning around 6:34 am UTC. Only time will tell if the security vulnerabilities will be fixed before the MainNet launch, or if the launch will have to be postponed.
The current EOS MainNet launch countdown reads 4 Days, 7 Hours and 15 Minutes at the moment of writing this. Time is indeed a factor.