A hazardous bug was found on the that could’ve disrupted the entire network by causing it to overload and crash. The bug could’ve brought the entire to a standstill, as by The Next Web on May 6, 2019.
Malicious Bug in TRON Smart Contracts
The bug on ’s was by HackerOne, a cybersecurity company that helps projects list bug bounties, with limited information regarding the intricate details of the bug. The potential loophole in the network was reported by a user by the name of “danish1970” on January 14, 2019.
The report was sent to the foundation which awarded the user their bug bounty of $1,500 on February 1, 2019.
Until the bug was resolved, a single computer could maliciously consume the entire CPU power of the network with DDoS attacks, rendering the network unusable. The DDoS attacks repeatedly ordered the deployment of smart contracts from the node’s that were filled with malicious “bytecode,” the of the Virtual Machine.
The flaw was rooted in the function in the code of the Virtual Machine. This means there was a chance of downing the to launch an attack on wallets and potentially steal funds. Another bounty of $3,100 was paid, but has yet to disclose the issue for which the bounty was paid.
Getting More for Less
Since July 2018, there have been 15 with on HackerOne. Twelve of these have been resolved for a cumulative bounty of $78,800.
Bug bounties are an efficient and cost-effective way to outsource network tests in a decentralized environment. Most projects have active bug bounty programs with the latest being Gnosis’ of the DutchX decentralized protocol.
In September 2018, developers for Core, the leading software to run a node on the , reported a that would’ve subjected users to a flood of incoming traffic. (XMR) and (REP) are also known for crowdsourcing cybersecurity through bug bounties.
Bug bounty initiatives are slowly becoming an innate feature of crypto projects as it gives them access to a large talent pool for a relatively low cost.
Like BTCMANAGER? Send us a tip!
Our Address: 3AbQrAyRsdM5NX5BQh8qWYePEpGjCYLCy4
Published at Tue, 07 May 2019 18:17:15 +0000
