$10,000 EOS Bug Bounty Reward Launched Days Before Mainnet Swap
Although the EOS company wants to fine tune all the details for the official launch of its mainnet, it seems, it is having some important issues.
The EOS mainnet will be launched in the coming days. But the company decided to ask users to look for errors and they are expected to reward their findings with about $ 10,000 dollars. With recent errors discovered by some researchers, it is normal for some people to question the current status of this project.
China's largest Internet security company, Qihoo 360, discovered several of the high-risk security vulnerabilities in the EOS blockchain platform. These vulnerabilities would allow remote attacks on all EOS nodes, as Qihoo 360 said on Weibo two days ago.
Raises $4B, offers to pay only $10k for catastrophic bugs 2 days before mainnet launch. Strange. 🤔 And quite a few other concerning issues with EOS. See: https://t.co/C4HypNFet5
This will also be one of the biggest ERC20 token to blockchain launch. Should be an exciting day! https://t.co/Ey7mF10Dry
— Charlie Lee [LTC⚡] (@SatoshiLite) May 30, 2018
Qihoo 360 reported the vulnerability to the EOS team and that the EOS mainnet will not be released until security issues are resolved. Local news media Jinse said that EOS asked Qihoo 360 not to report the vulnerability; they claimed that the problems were fixed the same day, around 2:00 p.m., China's Standard Time.
The risk is significant, since more than 50% of the addresses of EOS tokens are not yet registered in the network. This endangers several millions of dollars invested and could, in the worst case, affect the price of EOS tokens.
The way it is possible to make the system fail would be to install a malicious node which first analyzes the contracts, then a persistent vulnerability would be triggered in the system and the attacker would be able to control the EOS supernode that analyzed the contract. The attacker could steal the private key of the supernodes or control the content of the new blocks. In addition, attackers could also enter a malicious contract into a new block and publish it. As a result, all the complete nodes in the entire network could be controlled by the attacker.
Although Qihoo 360, prepared a patch to mitigate the error, it still presents inconsistency for its final implementation, for that reason is still unknown the exact moment of the release. And there is still a great risk that millions of EOS tokens will be frozen because their owners have not complied with the registration required by the company for migration.
Qihoo360 expressed with some hope that: “The discovery and disclosure of this loophole will cause the blockchain industry and security peers to pay more attention to the security of such problems and jointly improve the security of the blockchain network”.
It is planned that the most tentative date for the launch of the mainnet until further notice or more errors are discovered, could be this June 2. Today has had a rise of 1.26% in the last 24 hours, now it is worth $ 12.34 according to data from CoinMarketCap.