Security audit firm Chengu LiaAn Technology Co claims to have found a “critical vulnerability” in EOS’s smart contract structure, according to a report by CryptoCoinSpy. The firm discovered the alleged vulnerability through its research platform, Verification as a Service (VaaS).
The alleged flaw is reportedly similar to the ‘batchOverflow’ bug that compromised a number of ERC20 tokens and led to the temporary suspension of trading and withdrawals of most ERC20 tokens on some large exchanges last week.
Essentially, batchOverflow allows hackers to create an unlimited amount of tokens out of “thin air” by making some small changes to values in smart contract code.
“Such mistakes are not security vulnerabilities in the underlying platform.”
However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices.” In other words, Larimer claims that there is nothing wrong with the EOS structure itself. Rather, individuals who create smart contracts need to take the necessary precautions to avoid leaving those contracts open to exploitation.
— Daniel Larimer (@bytemaster7) April 30, 2018
“There is nothing a smart contract platform can do to prevent developers for making mistakes,” wrote Larimer. “Such mistakes are not security vulnerabilities in the underlying platform.” He goes on to suggest several different ways to prevent problems.
While Larimer may have a point, it can also be argued that the amount of esoteric knowledge required to create a smart contract on the EOS blockchain may leave less technically skilled users in the dust. This is certainly not an issue that is unique to EOS–user-friendliness has a long way to go in most of the blockchain sphere.
In any case, when and if EOS’s smart contract platform will be able to seriously compete with Ethereum’s is still unknown.
EOS flourished throughout the month of April, its market cap reaching a peak of $18.35 billion on the 29th. However, the market cap has taken a serious dive within the last 24 hours, hitting $14.1 billion at press time.