After a number of delays and controversies, the EOS blockchain finally launched on June 10. But it appears the blockchain is still dealing with vulnerabilities.
Guido Vranken, the security researcher who won $120,000 in the EOS bug bounty program earlier, has found another vulnerability in EOS. But more worryingly, it appears he's not the only one to have discovered new kinks in the network.
— Guido Vranken (@GuidoVranken) June 13, 2018
Vranken says the new flaw he found has to do with “unbounded recursion in Binaryen WASM parsing.”
For those unfamiliar, unbounded recursion happens when a function that calls itself from within enters an endless loop – until the computer runs out of resources and dies. This means that if anyone attempts to compile to WebAssembly (WASM) using the Binaryen compiler, their computer could go kaput.
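As an added illustration (not code from Binaryen, EOS or the original article), the C++ sketch below shows this class of bug on a toy nested format: a recursive parser whose call depth is dictated by its input, with an explicit cap that turns stack exhaustion into a clean error. The format, the names and the 256-level limit are assumptions made for the example.

```cpp
#include <cstddef>
#include <string>

// Added illustration, not Binaryen or EOS code. Toy format (an assumption):
// '(' opens a nested block, ')' closes it, any other byte is a leaf.
enum class ParseStatus { Ok, TooDeep, Malformed };

constexpr std::size_t kMaxDepth = 256;  // assumed cap, chosen for this example

class Parser {
public:
    explicit Parser(const std::string& input) : in_(input) {}
    // Parses one block body; `depth` is the current nesting level.
    ParseStatus parseBlock(std::size_t depth) {
        // Without this check, recursion depth is chosen by the input alone
        // and a long run of '(' exhausts the call stack.
        if (depth > kMaxDepth) return ParseStatus::TooDeep;
        if (depth > maxSeen_) maxSeen_ = depth;
        while (pos_ < in_.size()) {
            const char c = in_[pos_++];
            if (c == '(') {
                const ParseStatus s = parseBlock(depth + 1);
                if (s != ParseStatus::Ok) return s;
            } else if (c == ')') {
                return depth == 0 ? ParseStatus::Malformed : ParseStatus::Ok;
            }
        }
        // End of input: only valid if every block was closed.
        return depth == 0 ? ParseStatus::Ok : ParseStatus::Malformed;
    }
    std::size_t maxSeen() const { return maxSeen_; }

private:
    const std::string& in_;
    std::size_t pos_ = 0;
    std::size_t maxSeen_ = 0;
};

ParseStatus parseModule(const std::string& input, std::size_t* maxDepth = nullptr) {
    Parser p(input);
    const ParseStatus s = p.parseBlock(0);
    if (maxDepth) *maxDepth = p.maxSeen();
    return s;
}

int main() {
    // Constructed sample input: 100,000 unclosed blocks.
    return parseModule(std::string(100000, '(')) == ParseStatus::TooDeep ? 0 : 1;
}
```

An iterative parser with an explicit, heap-allocated stack is the other common fix; it still needs a size limit so that memory use stays bounded.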
The HackerOne profile of Block.one shows that Vranken has already been paid $100,000 for 10 different vulnerabilities.
Vranken is not sure if there are still other bugs left with EOS. But it definitely appears that other researchers are still receiving bounties for finding bugs — the latest was just 17 hours ago from the time of writing.
Chinese security firm Qihoo 360 discovered a series of vulnerabilities in EOS in May. The glitches could allow hackers to remotely access the network's nodes, compromising the entire EOS blockchain.
The bug bounty program was launched in the aftermath of the discoveries, and the blockchain, which was slated to launch on June 2, saw a significant delay.
It is also worth noting that the EOS blockchain is currently stuck in a middle ground between launched and live. The blockchain finally launched on June 10 after getting a unanimous ‘go’ vote from the block producer candidates, but only technically.
The EOS cryptocurrency will remain locked up until the 21 block producer candidates are elected. As Coindesk points out, at least 15 percent of all EOS supply needs to be staked for block producer candidates to be elected. Days after the launch, the voting still hasn't passed the 10-percent mark.
Staking the coins would require the investors to use their private key, which they feel could potentially risk their investment. Improper exposure of private keys could mean they lose all their funds.
Clearly, the EOS mainnet nightmare refuses to die down.
Vranken didn't respond to a request for comment immediately. If he responds, we'll update the story.
Published June 14, 2018 — 11:25 UTC