TRON (TRX) has been one of the most innovative and modern projects in the entire crypto/blockchain space, and as such, it received a lot of praise during the past year. However, according to new data delivered by HackerOne, it appears that the network is not as flawless as it first appeared. In fact, the entire network could have been crashed by a single PC.
Bytecode attack that could have crashed the entire network
Since it was discovered, the vulnerability has been dubbed the ‘bytecode’ attack. Simply put, this method requires the use of a large piece of bytecode that has the potential to consume the TRON network’s resources, and potentially even shut it down completely, leaving it unable to process transactions or smart contracts.
The report claims that a single request to submit a post carrying several megabytes of bytecode, combined with the long, CPU-intensive parsing, might have consumed the CPU for 10 minutes while still holding the bytecode in the heap. The method could have easily led to a DDoS attack.
The TRON Foundation allegedly knew that there was some sort of vulnerability, which is why they paid $1,500 to security researchers, tasking them to find it. At this point, the flaw appears to be resolved. However, the revelation remains shocking, especially for those involved with the cryptocurrency.
The issue was seemingly first reported around January 13th of this year, but TRON did not reveal it to the public until less than a week ago, on May 2nd. The Foundation used this span of a few short months to patch the bug, most likely with TRON’s latest version, issued about a month ago, on April 9th.
The report of the bug stresses the fact that a single computer could have caused a DDoS attack that would affect at least 51% of the network’s nodes. At worst, all of them would have crashed, thus making the network unavailable for an unknown period.
The blockchain-crashing bug worth only $1,500