EOS has skyrocketed in the crypto market rankings ahead of its highly-anticipated mainnet launch, but new research suggests that the code suffers from major vulnerabilities that could expose it to malicious attacks.
EOS Security Flaws
Researchers at China-based cyber security firm Qihoo have released a report identifying multiple security flaws with the EOS protocol. If not addressed, these issues would allow hackers to leverage malicious smart contracts to gain control of all network nodes. Once inside, they could manipulate network transactions easily and use existing infrastructure to mine another cryptocurrency network.
The firm identified something called a “buffer out-of-bounds write vulnerability,” which could allow hackers to gain access to the entire network.
“To use this vulnerability, attacker could upload a malicious smart contract to the nodes server, after the contract get parsed by nodes server, the malicious payload could execute on the server and taken control of it,” Qihoo said in a report that appeared Tuesday.
The report adds:
“The attacker can steal the private key of super nodes or control content of new blocks. What’s more, attackers can pack the malicious contract into a new block and publish it. As a result, all the full nodes in the entire network will be controlled by the attacker.”
Daniel Larimer of EOS has announced a bounty program to help developers address any remaining vulnerabilities ahead of the software release. Developers can receive $10,000 for each unique vulnerability they uncover related to smart contracts.
The EOS mainnet launches June 2.
EOS Price Levels
EOS shed more than $1 billion in market cap on Tuesday as reports of security flaws circulated. The cryptocurrency bottomed at $10.93 at 2:34 UTC, according to data provider CoinMarketCap.
At current values, EOS is capitalized at $10.6 billion with daily turnover reaching $1.8 billion.
Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.
Featured image courtesy of Shutterstock.