High-Risk Security Vulnerabilities Exposed in Blockchain Platform EOS
The company 360 announced that the Vulcan team discovered a series of high-risk security flaws in the blockchain platform EOS. It has been verified that some of these vulnerabilities allow remote execution of arbitrary code on an EOS node. That is, an attacker can directly control and take over all nodes running EOS through remote attacks.
In the early morning of the 29th, 360 reported the vulnerabilities to EOS officials and assisted in repairing the security risks. Until these issues are fixed, the EOS network will not be officially launched.
Daniel Larimer, founder of EOS
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
— Daniel Larimer (@bytemaster7) May 28, 2018
In an attack, an attacker constructs and publishes a smart contract containing malicious code. The EOS supernode executes this malicious contract, which triggers the vulnerability. The attacker then uses the supernode to package the malicious contract into a new block, which in turn causes all full nodes in the network (alternate supernodes, exchange reload points, digital currency wallet server nodes, etc.) to be controlled remotely.
Because the node's system is fully controlled, an attacker can do anything: steal the key of the EOS supernode; control virtual currency transactions on the EOS network; or acquire other financial and private data from the systems of nodes participating in the EOS network, such as an exchange's digital currency, users' keys stored in wallets, key user profiles, privacy data, and more.
What's more, an attacker can turn a node in the EOS network into a member of a botnet, use it to launch cyber attacks, or make it a free "miner" that mines other digital currencies.
Source: 8btc