Today May 29th, Golden Finance learned from 360 that the 360 company Vulcan team found a series of high-risk security vulnerabilities on the blockchain platform EOS. It has been verified that some of these vulnerabilities can remotely execute arbitrary code on the EOS node. That is, remote attacks can directly control and take over all nodes running on EOS.
On the early morning of the 29th, this type of loophole was reported to EOS official and assisted in repairing security risks. According to 360, the person in charge of the EOS network stated that the EOS network will not be officially launched until these issues are fixed.
Golden Finance on the details of the incident to verify the 360 to understand, at 1 pm on the 28th, 360 has completed the use of loopholes to control the entire EOS network demonstration; 28 at 10 o'clock on the evening of the 28th, EOS official contact with the feedback loop; on the 29th Replied by EOS, do not disclose the details of the vulnerability and the EOS network is being repaired. Around 2 o'clock on the 29th, EOS has completed repairs.
The person in charge of the 360 technology department told Golden Finance: "This is a serious problem in itself, but it is not difficult to fix it. It should not have a major impact on the main line, because EOS has been continuously Fix the bug."
Golden Finance contacted EOS on the matter for the first time and was exclusively informed that EOS had handed over the matter to a team of lawyers. The official did not commit to the main online time.
Since the release of the blockchain security situational awareness system on May 25, 360 and officially involved in the blockchain security field, it has successively released information on multiple cryptocurrency wallets, blockchain project loopholes, and phishing and airdrop frauds. The description of the EOS loopholes is rather sensational. On the one hand, 360 may want to use it to achieve the purpose of publicity and promotion. On the other hand, let us wake up, the rapid development of the blockchain industry may be flawed in terms of loopholes and security. We must know that there have been many incidents of hacking and smart contract loopholes this year.
Regarding the EOS vulnerabilities, in fact, EOS founder BM published related news in the developer group on May 27. BM said that it will reward those who discovered and submitted bugs. The main features of these vulnerabilities include: crashing node systems through P2P plug-ins or RPC interfaces; bringing intelligent contracts into endless loops; making smart contracts take up a lot of memory (greater than 64MB); using smart contracts to crash node systems; and performing unauthorized operations on accounts. Make intelligent contract running time more than 10ms. BM also mentioned that providing valuable loopholes will receive a reward of 10,000 US dollars. The BM team is responsible for evaluating the value of the loopholes. This incentive will stop at any time. IMEOS, as a neutral media agency, publishes and disseminates global EOS community news, and actively cooperates with other communities and neutral media to do a good job in repairing loopholes to jointly contribute to the security of the EOS network.
It can be seen that in the BM, the existence of loopholes in EOS is a normal phenomenon. According to the information we have obtained, the vulnerability pointed out by 360 has now been repaired.
As of the golden financial release, according to the price of the Coin Pro market, EOS fell by 6.65% within an hour and has now fallen below 11 US dollars. Golden Finance will continue to pay attention to this issue.