A Chinese internet security firm says it notified the EOS blockchain project developers about what it called “a series of epic vulnerabilities” discovered on the platform.
Qihoo 360 said in a report that loopholes found in EOS could potentially expose nodes on the network to attack. This could mean attackers would be able to execute code remotely and possibly gain full control of transactions. The firm claimed that such an attack could decimate the entire network.
Qihoo 360 explained that bad actors could attack the network by creating and publishing smart contracts containing malicious code on the mainnet and having EOS supernodes pack that code into new blocks.
Once packed into new blocks, the code would be able to affect all nodes on the network, including those of wallets and exchanges. The attack would leave private keys exposed to the perpetrators.
EOS has not yet made any public comment, while Qihoo 360 said in a blog post that the EOS project’s lead dev, Daniel Larimer, had been notified of the issue and that he has since indicated that the vulnerabilities have been fixed. The issue was identified as Issue number 3498 on GitHub.
“If any of these asserts trigger in release it shouldn’t pass, but should throw. Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere,” Larimer wrote on GitHub.
Larimer has also put out a call for more external assistance in quashing bugs.
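
The point in Larimer's comment, shown as an added C++ example that is not EOS code and not part of the original article: a standard `assert` is compiled out when `NDEBUG` is defined, so a bounds check written as an assert disappears in a release build, while an explicit check that throws remains. The names `Table`, `read_with_assert`, `read_checked`, `rejects` and `make_sample`, and the sample values, are hypothetical.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Hypothetical table: 8 slots of storage, only the first `used` are valid.
struct Table {
    std::array<std::uint32_t, 8> slots{};
    std::size_t used = 0;
};

// Compile this one function the way a release build does (NDEBUG defined).
#define NDEBUG
#include <cassert>
std::uint32_t read_with_assert(const Table& t, std::size_t i) {
    assert(i < t.used);   // expands to ((void)0) here: the check is gone
    return t.slots[i];    // caller keeps i < 8 so the demo stays well-defined
}
#undef NDEBUG
#include <cassert>        // re-including restores a live assert below

// Same check as a real branch: it survives every build mode and throws.
std::uint32_t read_checked(const Table& t, std::size_t i) {
    if (i >= t.used) throw std::out_of_range("slot index outside valid range");
    return t.slots[i];
}

// True when read_checked refuses the index.
bool rejects(const Table& t, std::size_t i) {
    try { read_checked(t, i); } catch (const std::out_of_range&) { return true; }
    return false;
}

// Constructed sample: four valid entries followed by stale values.
Table make_sample() {
    Table t;
    t.slots = {10u, 20u, 30u, 40u, 0xDEADu, 0xBEEFu, 0xCAFEu, 0xF00Du};
    t.used = 4;
    return t;
}

int main() {
    Table t = make_sample();
    std::printf("assert build:  slot 6 -> 0x%X\n", (unsigned)read_with_assert(t, 6));
    std::printf("checked build: slot 6 rejected = %d\n", rejects(t, 6));
    return 0;
}
```

With the assert compiled out, index 6 passes the "check" and returns a value from outside the valid range; the throwing version rejects the same index in any build mode.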