Tron Fixed A Critical Vulnerability That Would Have Crashed The TRX Blockchain
A report from HackerOne shows that Tron disclosed it had patched a critical vulnerability that would have crashed its blockchain.
According to HackerOne, the Tron Foundation revealed on May 2 that the platform had managed to fix the vulnerability, which was first discovered at the beginning of the year.
The vulnerability disclosure platform further states that Tron’s disclosure revealed the extent of damage an attacker could have caused.
It notes that an attacker who sent enough malicious requests would have overwhelmed the network, using up its memory and exposing it to further attacks.
With all available memory used up, the attacker would simply employ a smart contract to deploy malicious code to successfully execute a Distributed Denial of Service (DDoS) attack.
The Tron disclosure goes on to claim that such a vulnerability could have been catastrophic for the network. As stated, an attacker could have utilized a single machine to attack all or a majority of the nodes.
The attacker would simply have to “send [a] DDOS attack to all or 51% of the SR nodes,” which would have rendered the Tron network practically “unusable or unavailable.”
The Tron Foundation awarded a cybersecurity researcher $1,500 for discovering and disclosing the vulnerability.
According to the report, the discovery was made in early January and was reported for the first time on January 14. However, due to the nature of the vulnerability, Tron only disclosed it once it had already fixed it.
In 2018, cryptocurrency bug bounties earned white hat hackers more than $878k, with the biggest payer at the time being EOS developer Block.one. Coinbase provided the next largest share of bounty payments to white hat hackers, releasing an estimated $290,381.
Tron, which launched its native blockchain last year, reportedly gave out the third-largest bounty payment with $76,200 paid out in 2018.
EOS.io, which currently oversees the development of EOS, has so far paid bug bounties for the discovery of five critical vulnerabilities on the cryptocurrency’s blockchain in 2019.
In March, crypto researchers and intelligence analysts at Messari released a report that revealed how Stellar (XLM) had quietly patched a bug that an attacker had exploited to create 2.25 billion XLM tokens.