Security Audit Firm Discovers Vulnerability in EOS, Dan Larimer Claps Back
- The EOS CTO claims that the vulnerabilities are the results of poor coding rather than poor infrastructure.

Security audit firm Chengdu LianAn Technology Co claims to have found a “critical vulnerability” in EOS’s Smart Contract structure, according to a report by CryptoCoinSpy. The firm discovered the alleged vulnerability through its research platform, Verification as a Service (VaaS).
The alleged flaw is reportedly similar to the ‘batchOverflow’ bug that compromised a number of ERC20 tokens and led to the temporary suspension of trading and withdrawals of most ERC20 tokens on some large exchanges last week.
Essentially, batchOverflow allows hackers to create an unlimited amount of tokens out of “thin air” by making some small changes to values in smart contract code.
However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices.” In other words, Larimer claims that there is nothing wrong with the EOS structure itself. Rather, individuals who create smart contracts need to take the necessary precautions to avoid leaving those contracts open to exploitation.
I just debunked LianAn Tech's claims that eosio has same batchOverflow vulnerability. #eosio #eos #ethereum https://t.co/cv41w4aVYr
— Daniel Larimer (@bytemaster7) April 30, 2018
“There is nothing a smart contract platform can do to prevent developers for making mistakes,” wrote Larimer. “Such mistakes are not security vulnerabilities in the underlying platform.” He goes on to suggest several different ways to prevent problems.
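The bug class under dispute, shown as an added example that is not taken from Larimer's post, the LianAn report, or any EOS or ERC20 contract: a toy in-memory ledger whose batch transfer multiplies a receiver count by a value, first without and then with overflow checks. The names `Ledger`, `batch_transfer_unchecked` and `batch_transfer_checked` are hypothetical, and the checked version assumes a GCC or Clang compiler.

```cpp
// Added illustration: toy in-memory ledger with hypothetical names; not EOS or ERC20 code.
// Assumes GCC or Clang for the __builtin_*_overflow intrinsics.
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <utility>
#include <vector>

using Ledger = std::map<std::string, uint64_t>;
using Names = std::vector<std::string>;

// Unchecked: count * value wraps modulo 2^64, so the balance check compares
// against a small wrapped total while each receiver is credited the full value.
bool batch_transfer_unchecked(Ledger& l, const std::string& from, const Names& to, uint64_t value) {
    uint64_t total = static_cast<uint64_t>(to.size()) * value;  // may wrap
    if (to.empty() || l[from] < total) return false;
    l[from] -= total;
    for (const auto& r : to) l[r] += value;
    return true;
}

// Checked: the product and every credit are overflow-checked on a scratch copy,
// and the ledger is replaced only if the whole batch is valid.
bool batch_transfer_checked(Ledger& l, const std::string& from, const Names& to, uint64_t value) {
    uint64_t total = 0;
    if (to.empty() || __builtin_mul_overflow(static_cast<uint64_t>(to.size()), value, &total))
        return false;
    Ledger next = l;
    if (next[from] < total) return false;
    next[from] -= total;
    for (const auto& r : to)
        if (__builtin_add_overflow(next[r], value, &next[r])) return false;
    l = std::move(next);
    return true;
}

int main() {
    const uint64_t half = UINT64_C(1) << 63;  // constructed input: 2 * half wraps to 0
    Ledger a{{"alice", 10}}, b{{"alice", 10}};
    bool u = batch_transfer_unchecked(a, "alice", {"bob", "carol"}, half);
    bool c = batch_transfer_checked(b, "alice", {"bob", "carol"}, half);
    std::printf("unchecked accepted=%d bob=%llu\n", u, (unsigned long long)a["bob"]);
    std::printf("checked accepted=%d bob=%llu\n", c, (unsigned long long)b["bob"]);
    return 0;
}
```

Working on a scratch copy also covers a receiver listed twice or a sender who appears among the receivers, since each credit is checked against the running balance rather than the starting one.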
While Larimer may have a point, it can also be argued that the amount of esoteric knowledge required to create a smart contract on the EOS Blockchain may leave less technically skilled users in the dust. This is certainly not an issue that is unique to EOS; user-friendliness has a long way to go in most of the blockchain sphere.
In any case, when and if EOS’s smart contract platform will be able to seriously compete with Ethereum’s is still unknown.
EOS flourished throughout the month of April, its market cap reaching a peak of $18.35 billion on the 29th. However, the market cap has taken a serious dive within the last 24 hours, hitting $14.1 billion at press time.