Security Audit Firm Discovers Vulnerability in EOS, Dan Larimer Claps Back

Tuesday, 01/05/2018 | 07:09 GMT by Rachel McIntosh
  • The EOS CTO claims that the vulnerabilities are the result of poor coding rather than poor infrastructure.

Security audit firm Chengdu LianAn Technology Co. claims to have found a “critical vulnerability” in EOS’s smart contract structure, according to a report by CryptoCoinSpy. The firm discovered the alleged vulnerability through its research platform, Verification as a Service (VaaS).

The alleged flaw is reportedly similar to the ‘batchOverflow’ bug that compromised a number of ERC20 tokens and led to the temporary suspension of trading and withdrawals of most ERC20 tokens on some large exchanges last week.

Essentially, batchOverflow allows hackers to create an unlimited number of tokens out of “thin air” by making some small changes to values in smart contract code.

However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices.” In other words, Larimer claims that there is nothing wrong with the EOS structure itself. Rather, individuals who create smart contracts need to take the necessary precautions to avoid leaving those contracts open to exploitation.

“There is nothing a smart contract platform can do to prevent developers from making mistakes,” wrote Larimer. “Such mistakes are not security vulnerabilities in the underlying platform.” He goes on to suggest several different ways to prevent problems.
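
The class of bug discussed above, as an added C++ example (EOS contracts are written in C++; this is not code from the article, from Larimer's post, or from any audited contract): a batch transfer whose total is computed with an unchecked multiplication, beside a version with the overflow checks a contract author is expected to write. The `Ledger` type and both function names are hypothetical.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Hypothetical toy ledger: account name -> token balance.
using Ledger = std::map<std::string, uint64_t>;

// Unchecked form: count * value is computed modulo 2^64, so the balance
// check can be made against a wrapped (far too small) total while every
// receiver is still credited the full value.
bool batch_transfer_unchecked(Ledger& bal, const std::string& from,
                              const std::vector<std::string>& to, uint64_t value) {
    if (to.empty()) return false;
    uint64_t total = static_cast<uint64_t>(to.size()) * value;  // may wrap
    if (bal[from] < total) return false;
    bal[from] -= total;
    for (const auto& r : to) bal[r] += value;                   // may wrap too
    return true;
}

// Hardened form: refuse the whole call if the total or any credit would
// overflow. Work on a copy and commit only on success, mirroring how a
// failed assertion aborts the entire transaction in a contract.
bool batch_transfer_checked(Ledger& bal, const std::string& from,
                            const std::vector<std::string>& to, uint64_t value) {
    if (to.empty()) return false;
    const uint64_t count = static_cast<uint64_t>(to.size());
    if (value > UINT64_MAX / count) return false;   // count * value overflows
    const uint64_t total = count * value;
    Ledger next = bal;
    if (next[from] < total) return false;
    next[from] -= total;
    for (const auto& r : to) {
        if (next[r] > UINT64_MAX - value) return false;  // credit overflows
        next[r] += value;
    }
    bal = next;
    return true;
}
```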

While Larimer may have a point, it can also be argued that the amount of esoteric knowledge required to create a smart contract on the EOS Blockchain may leave less technically skilled users in the dust. This is certainly not an issue that is unique to EOS--user-friendliness has a long way to go in most of the blockchain sphere.

In any case, when and if EOS’s smart contract platform will be able to seriously compete with Ethereum’s is still unknown.

EOS flourished throughout the month of April, its market cap reaching a peak of $18.35 billion on the 29th. However, the market cap has taken a serious dive within the last 24 hours, hitting $14.1 billion at press time.

About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.