Are Tron Dapps At Risk For Vulnerabilities As A Result Of TronBank Dapp Attack?
The decentralized app (dApp) ecosystem that has been supported and developed by Tron has been growing at impressive speeds. Limited congestion and impressive security have made it a safe place for consumers to engage in new uses for crypto assets. However, after the dApp TronBank was targeted with fake coins, the security of this platform is being challenged, and much of the community is left wondering how the attack will impact vulnerabilities in the ecosystem.
The dApp TronBank was targeted on April 10th this week, resulting in the theft of 170 million BTT tokens. Fake coins, called BTTx, were used to trigger the “invest” function, and the contract did not check whether the token ID matched the authentic BTT ID, 1002000. Many people were surprised that the attack even happened in the first place, but a security firm named SlowMist tweeted about the vulnerabilities it found exposed in the TRC-10 token standard.
https://twitter.com/SlowMist_Team/status/1116240356155084801
Ultimately, SlowMist said that the smart contract on TronBank did not check msg.tokenid. Because the transaction had already accepted the fake BTT, it is easy for the attacker to maintain a balance, and they can now withdraw it at the real value of BTT.
The platform took a little while to evaluate and come up with an explanation for how this happened. The security firm found other projects with the same security issue on April 11th, during a check of other open-source code on GitHub. An article from Coingape revealed five contract addresses with the same security concerns:
TF3YXXXXXXXXXXXXXXXXXXXXXXXWt3hx
TKHNXXXXXXXXXXXXXXXXXXXXXXXAEzx5
TK8NXXXXXXXXXXXXXXXXXXXXXXXZkQy
TUvUXXXXXXXXXXXXXXXXXXXXXXXxLETV
TG17XXXXXXXXXXXXXXXXXXXXXXXkQ9i
The Beosin security team performed an analysis to determine the causes of the problems, arriving at two conclusions.
- There is not enough research on the mechanism of the TRON token, and it may just be learning from Ethereum’s mechanisms.
- The attacker is using methods that have already been used in other attacks, like the fake EOS method.
Based on this data, the team said that both “msg.tokenvalue” and “msg.tokenid” should be checked against expected values whenever a contract receives crypto assets. The team also described how the vulnerable code could be repaired. So far, official communication has not been established directly, but CEO and founder Justin Sun tweeted that they were working with security firms to correct this damage.
https://twitter.com/justinsuntron/status/1116313055841808385
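The recommended check on “msg.tokenid” and “msg.tokenvalue”, sketched as an added example in TRON's Solidity dialect; it is not TronBank's code and not code from SlowMist or Beosin. The contract name, function names, and the minimum deposit are assumptions for illustration; the token ID 1002000 is the BTT ID cited above.

```solidity
pragma solidity ^0.4.25;

// Illustrative only: a hypothetical TRC-10 deposit contract, not TronBank's.
contract Trc10DepositExample {
    // Assumed minimum deposit, in the token's smallest unit.
    uint256 constant MIN_DEPOSIT = 1;

    // Internal ledger of BTT credited to each depositor.
    mapping(address => uint256) public credited;

    // BEFORE: the flawed pattern described in the article.
    // msg.tokenvalue is credited as BTT without looking at msg.tokenid,
    // so a transfer of any TRC-10 token is booked as if it were BTT.
    function investUnchecked() public payable {
        credited[msg.sender] += msg.tokenvalue;
    }

    // AFTER: validate both fields before touching the ledger.
    function invest() public payable {
        trcToken expected = 1002000; // authentic BTT token ID
        // Reject any token other than the one this contract accounts for.
        require(msg.tokenid == expected, "unexpected TRC-10 token id");
        // Reject empty or dust deposits.
        require(msg.tokenvalue >= MIN_DEPOSIT, "token value too low");
        credited[msg.sender] += msg.tokenvalue;
    }

    // Withdrawals always pay out real BTT, which is why a ledger entry
    // created from a different token translates into a real loss.
    function withdraw(uint256 amount) public {
        require(credited[msg.sender] >= amount, "insufficient balance");
        // Update the ledger before the external transfer.
        credited[msg.sender] -= amount;
        trcToken id = 1002000;
        msg.sender.transferToken(amount, id);
    }
}
```

When reviewing other contracts for the same issue, every payable function that reads “msg.tokenvalue” should have a matching “msg.tokenid” check ahead of any state change.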