Security swords in the EOS cryptocurrency security

Daniel Larimer, EOS technology director announced on his twitter that anyone who finds an error in the EOS network will get $ 10,000 in pay. This motivated the IT team "360 Vulcan" to work in the search for errors of EOS cryptocurrency. Unfortunately for the cryptocurrency team, they discovered a series of critical gaps in their blockchain network. It has been verified that some of these vulnerabilities could remotely execute arbitrary code entered in the EOS node, which may allow hackers to remotely take over the EOS blockchain.

The 360 ​​Vulcan team analyzed the entire EOS and found that there is a huge EOS code vulnerability that could lead to a series of intrusions into cryptocurrency blockchains. The technology director, Daniel Larimer, wanted the EOS 1.0 to be fully functional before releasing the 1.0 OS and did not expose the network participants to potential technical problems or even hacker attacks. Early this morning, the 360 ​​Vulcan team reported for the first time the vulnerability of the EOS network and announced that it would help the company to fix network security threats. The person responsible for the EOS updates (to take place on June 2) stated that the network will not be officially launched until the problems are fixed.

To exploit this critical vulnerability, an attacker could send a malicious query to the node server, after the contract is analyzed by the node server, a malicious function can be performed on the server and take complete control over it.

EOS with a critical gap
EOS is a token in ERC20 format, created on the basis of Ethereum blockchain. Ethereum offers the opportunity to create your own digital asset or smart contract, and EOS, Tron or VeChain are a perfect example. If the vulnerability was exploited by hackers, it would cause huge losses for the company and, above all, for users' trust.

Below is the technical result of the 360 ​​Vulcan team:

Defective path and vulnerability related to capture outside the buffer area:

libraries / chain / webassembly / binaryen.cpp (Line 78), Function binaryen_runtime :: instantiate_module:

As the team describes, during the storage of elements in the "offset" it has not been correctly checked. There is a confirmation before setting the value, which checks the offset, but unfortunately "assert" works only in the debug version and does not work in the released version.

The use of a security hole to execute remote code
As we wrote above, the vulnerability could be used to take over the main EOS network. This would allow an attack on the entire blockchain network. The attacker may use remote code in the nodeos process, by sending malicious contracts to the node and allow the node to analyze the malicious contract. An attacker can thus steal a private key of super-nodes or even control the contents of new blocks. What's more, attackers can pack a malicious agreement into a new block and publish it. As a result, all full nodes in the entire network will be controlled by the attacker. If the vulnerability could not be found, sooner or later someone would enter the EOS network and apply a malicious contract, allowing themselves full control over the network.

source: bithub.pl