Critical EOS Smart Contract Vulnerability Discovered By Auditing Firm


LianAn Tech, with the help of its research platform VaaS (Verification as a Service), has identified a critical vulnerability in the EOS smart contract architecture. The defect is visibly similar to the batchOverflow bug that had incapacitated a long list of ERC20 tokens including BeautyChain (BEC). The event had led to the suspension of trading and withdrawals of all ERC20 tokens across most major exchanges.

LianAn Tech took a close look at the batchOverflow exploit and investigated the EOS blockchain smart contract architecture using integer overflow vulnerability detection and security verification. It found that smart contracts on the EOS blockchain are subject to almost exactly the same vulnerability.

EOSIO had been designed to give developers the most robust toolset for writing high-performance, high-quality, low-bug-count contracts and to allow the platform and the contracts to recover gracefully when all else fails. However, it has come under scrutiny over the last few weeks, with many more flaws to be pointed out soon.

Many people have come out in support of EOS. Daniel Larimer commented:

“The problem is not a security vulnerability, as they represent, but the result of poor coding practices. There is nothing a smart contract platform can do to prevent developers from making mistakes. Such mistakes are not security vulnerabilities in the underlying platform.”

He added,

“The team at LianAn Tech and other bloggers which report on this issue have constructed a strawman argument against EOSIO. The result of their irresponsible reporting is to mislead those who don’t understand the technology. As an industry, we need people who can accurately understand the difference between a security vulnerability (platform not behaving as designed), a user error (developers not using the platform properly), and a fundamental platform design flaw (a platform not giving developers tools to protect themselves).”

Whether this development is a legitimate criticism of EOS or an attempt to propagate FUD (Fear, Uncertainty and Doubt) is yet to be seen.

Bitcoin Exchange Guide