EOS Looks For a Smart Contract Solution While RAM Exploit Harms Users


The EOS community is currently being plagued by an exploit on its smart contract that can be used by malicious individuals to contract authors and consume their network resources. Because of this, the company is currently on the lookout to discover a way to fix this bug as quickly as possible.

EOS Smart Contracts Are Being Used To Steal RAM

As part of an effort to avoid spam and the clogging of the network, users have to buy RAM to use the EOS network and deploy smart contracts or run decentralized applications (dapps).

As a group of developers has recently found out, some attackers are using a bug to create malicious smart contracts that exploit the scripting language of the EOS to allow one contract to notify other contracts of specific events.

This way, the hackers use malicious contracts to fill other users’ RAM with unusable data and freeze their RAM, stealing it from them. The exploit can affect smart contracts and users, but they are only at risk of being affected by the problem if they transfer tokens to the malicious contracts.

The Search For A Solution

As this creates a big threat for the blockchain, Dan Larimer, CTO of EOS and the creator of Block.one, has addressed the matter recently. According to him, this is not necessarily a bug, but an abuse of a valid feature, an act of “vandalism” in his words.

The exploit, he explains, takes advantage of a mismatch between the intent of the users and how the code was originally made to be used for. A solution that he talked about was to use the EOS authority of the block producers to blacklist some contracts and only allow the transactions after the affected users passed an arbitration process.

Proxy Tokens

While there is not a defined solution for the problem, the EOS development team is already creating some ways to bypass the problem. The EOSEssentials team has been working on a somewhat complex but effective way of not letting the users lose their RAM: proxy tokens.

By using a proxy account that does not hold RAM, a user can be protected from the bug because it will not consume his actual RAM. This account, named safe transfer, will be coded on the transfers and will appear in the transaction. For instance, you can send tokens safetransfers and then use the account name.

The proxy method is working at the time of this report and it is at least a way to circumvent the problem for now. However, it should be noted that the proxy account cannot be used on decentralized apps, which will probably not be a big problem since almost no one is using EOS apps right now.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide