Security Audit Firm Discovers Vulnerability in EOS
The EOS CTO claims that the vulnerabilities are the result of poor coding rather than poor infrastructure.
Security audit firm Chengdu LianAn Technology Co. claims to have found a “critical vulnerability” in EOS’s smart contract structure, according to a report by CryptoCoinSpy. The firm discovered the alleged vulnerability through its research platform, Verification as a Service (VaaS).
The alleged flaw is reportedly similar to the ‘batchOverflow’ bug that compromised a number of ERC20 tokens and led to the temporary suspension of trading and withdrawals of most ERC20 tokens on some large exchanges last week.
Essentially, batchOverflow allows hackers to create an unlimited amount of tokens out of “thin air” by making some small changes to values in smart contract code.
“Such mistakes are not security vulnerabilities in the underlying platform.”
However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices.” In other words, Larimer claims that there is nothing wrong with the EOS structure itself. Rather, individuals who create smart contracts need to take the necessary precautions to avoid leaving those contracts open to exploitation.
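To make the dispute concrete, here is an added example (not code from EOS, the affected ERC20 contracts, or the audit firm) of the integer-overflow class of bug that batchOverflow belongs to, next to the kind of check a contract author is expected to write. It assumes the flaw is an unchecked multiplication of recipient count by per-recipient value; the toy ledger and all function names are hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <map>
#include <string>
#include <vector>

using Ledger = std::map<std::string, uint64_t>;
using Names = std::vector<std::string>;

// Unchecked: the product count * value silently wraps modulo 2^64.
bool batch_transfer_unchecked(Ledger& bal, const std::string& from,
                              const Names& to, uint64_t value) {
    uint64_t total = static_cast<uint64_t>(to.size()) * value;  // can wrap to 0
    if (bal[from] < total) return false;  // balance check sees the wrapped total
    bal[from] -= total;
    for (const auto& r : to) bal[r] += value;  // each credit uses the full value
    return true;
}

// Checked: reject the call before multiplying if the product cannot fit.
bool batch_transfer_checked(Ledger& bal, const std::string& from,
                            const Names& to, uint64_t value) {
    const uint64_t max = std::numeric_limits<uint64_t>::max();
    if (to.empty() || value == 0) return false;
    if (value > max / to.size()) return false;  // count * value would overflow
    uint64_t total = static_cast<uint64_t>(to.size()) * value;
    if (bal[from] < total) return false;
    bal[from] -= total;
    for (const auto& r : to) bal[r] += value;  // sum of credits == total debited
    return true;
}

// Constructed scenario on a toy ledger (not EOS or ERC20 code): the sender
// holds 0 tokens, there are two recipients, and value is 2^63.
const uint64_t kHuge = 1ULL << 63;
uint64_t credited_unchecked() {
    Ledger bal{{"sender", 0}};
    batch_transfer_unchecked(bal, "sender", {"alice", "bob"}, kHuge);
    return bal["alice"];  // tokens that never existed in the sender's balance
}

bool accepted_checked() {
    Ledger bal{{"sender", 0}};
    return batch_transfer_checked(bal, "sender", {"alice", "bob"}, kHuge);
}

int main() {
    std::cout << "unchecked credited alice: " << credited_unchecked() << "\n"
              << "checked accepted: " << std::boolalpha << accepted_checked() << "\n";
}
```

The unchecked path credits balances the sender never held because the balance comparison runs against the wrapped total, while the checked path refuses the same call.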