After the announcement of flaws in EOS, Daniel Larimer defends his project

in #eos, 6 years ago


Yesterday we told you about a Chinese team of security researchers (Qihoo 360 Technology) who had discovered vulnerabilities in the source code of the virtual machine of EOS, whose mainnet is due to launch this June 2nd.

A reminder of cnLedger's tweet


The same day, concordant sources reported that the EOS development team had patched the flaws, which would otherwise have allowed an attacker to take control of full nodes on the EOS network.
The drama continues today, with reports of attempted attacks against EOS nodes that may have accidentally exposed their private keys because of a configuration error in their API.

A single attacker is reportedly targeting known vulnerabilities


The attacks against EOS all seem to come from a single IP address, which is scanning the Internet for EOS nodes. The attacker is not trying to exploit the vulnerabilities reported yesterday by the Chinese security firm, but rather a bug reported last week by a GitHub user, also an EOSIO contributor, who goes by the pseudonym "noprom".

According to him, part of the EOS RPC API can expose the user's private key:

"I'm using the EOS RPC API to develop dApps, and when I unlock my wallet using /v1/wallet/unlock, I can use /v1/wallet/list_keys to get all my keys. This can create some security issues."

This wallet plugin is widely used for testing and is not intended for a production environment exposed to the risks of the Internet.
Currently, EOS has no authentication system to protect access to this API endpoint. The attacker scanning the Internet seems to be aware of the bug and is probing EOS nodes to see whether the endpoint still gives access to private keys.
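
A node operator can check for this misconfiguration before going online. The audit below is an added example, not code from EOSIO or from the original article; it assumes a nodeos-style config.ini in which the wallet routes are served by `plugin = eosio::wallet_api_plugin` and the HTTP listener is set with `http-server-address`, and the sample configs are constructed.

```python
import ipaddress

# Assumption: this is the plugin that serves the /v1/wallet/* routes over HTTP.
WALLET_PLUGINS = {"eosio::wallet_api_plugin"}

def parse_config(text):
    """Parse 'key = value' lines; keys such as 'plugin' may repeat."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts.setdefault(key, []).append(value)
    return opts

def is_loopback(bind):
    """True if a 'host:port' bind address is reachable only from this machine."""
    host = bind.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as exposed

def audit(text):
    """Return one finding per non-loopback listener that serves the wallet API."""
    opts = parse_config(text)
    loaded = WALLET_PLUGINS & set(opts.get("plugin", []))
    # Assumption: with no http-server-address set, the node listens on loopback only.
    exposed = [b for b in opts.get("http-server-address", []) if not is_loopback(b)]
    return [f"{p} served on {b}: /v1/wallet/list_keys reachable off-host"
            for p in sorted(loaded) for b in exposed]

# Constructed sample configs (not taken from any real node).
EXPOSED = """
http-server-address = 0.0.0.0:8888
plugin = eosio::chain_api_plugin
plugin = eosio::wallet_api_plugin
"""
LOCAL_ONLY = EXPOSED.replace("0.0.0.0", "127.0.0.1")
NO_WALLET = EXPOSED.replace("plugin = eosio::wallet_api_plugin\n", "")

if __name__ == "__main__":
    for name, cfg in [("exposed", EXPOSED), ("local", LOCAL_ONLY), ("no wallet", NO_WALLET)]:
        print(name, audit(cfg) or "ok")
```

Only the first sample produces a finding: the wallet API is a problem when it is both loaded and bound to an address other hosts can reach.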

Meanwhile, Daniel Larimer defends his project


The founder and CTO of the EOS network, Daniel Larimer, reacted to the affair, as can be seen in a conversation that ended up on Reddit. As we noted in the update to yesterday's article on the flaws discovered by the Chinese firm, a post on Reddit indicates that these flaws had been repaired:

"We repaired all the known bugs, we have a crash in our wasm test units that we repair. This Chinese report is FUD, it has been repaired even before it is published."

Decentralization or benevolent but arbitrary management?


Daniel Larimer's message evolved into a debate about decentralization and arbitration, a subject that has often come up in discussions of EOS since its inception. Users of the EOS subreddit have discussed both the merits and the limitations of a system that relies too heavily on Larimer. If the rules of the Constitution governing EOS are broken, who will decide what action should be taken? This cannot help but recall the importance of Vitalik Buterin, who acted as an authority in the decision to hard fork the Ethereum blockchain following the hack of the "The DAO" smart contract.

This question of choosing between a good leader or team and decentralization is so contentious that a directly competing project has even emerged: EOS Evolution, which wants to take a decentralized approach with a modified version of EOS that would distribute voting rights equally.

Despite all these last-minute events (which, curiously, are happening in the final days before the launch), remember that EOS, with its year-long ICO, managed to reach the 4th largest capitalization in the crypto-universe, just behind BTC, ETH, XRP and BCH. We bet there will be more twists before and during the launch of the EOS mainnet, scheduled for Saturday, June 2.
