By CCN: According to The Next Web and explosive data from HackerOne, a security bounty website, a single computer could have shut down the Tron network by draining the cryptocurrency network’s resources.
Bytecode Attack Threatened to Bring Tron to Its Knees
We could dub the vulnerability a “bytecode” attack. The method involves using a massive piece of bytecode to consume the resources on Tron’s network, effectively shutting it down for things like processing smart contract requests and even transactions.
The report’s summary reads:
“A single request to submit a post to /wallet/deploycontract with several megabytes of bytecode along with CPU intensive long parsing will consume CPU for about 10 minutes while still holding several megabytes of bytecode in heap. With enough requests (let's say 1K-10K depending upon available memory), it's enough to use all the available threads to service incoming HTTP request, fill up the memory and render DDOS.”
The Tron Foundation paid the security researcher $1,500 for discovering the bug, and has marked the issue as “resolved.”
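The report describes the classic shape of a resource-exhaustion bug: an oversized payload is accepted, held in memory, and parsed at length before anything refuses it. The gate below is an added illustration of the defensive ordering a node in front of an endpoint like /wallet/deploycontract would want (cheapest check first, a hard size cap, a per-source budget, and a bound on concurrent parses); it is constructed here, not Tron's code, and its limits, field names and the `DeployGate` class are assumptions.

```python
import threading
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed limits for illustration; a real node would tune these to its hardware.
MAX_BYTECODE_BYTES = 256 * 1024      # refuse multi-megabyte bytecode before it reaches the heap
MAX_PARSE_SLOTS = 4                  # bound the number of CPU-heavy parses running at once
MAX_PER_SOURCE_PER_MIN = 10          # per-client budget for deploy requests


@dataclass
class DeployGate:
    """Admission control for contract-deploy requests (constructed example)."""
    slots: threading.BoundedSemaphore = field(
        default_factory=lambda: threading.BoundedSemaphore(MAX_PARSE_SLOTS))
    history: Dict[str, List[float]] = field(default_factory=dict)

    def admit(self, source: str, bytecode: bytes, now: Optional[float] = None) -> str:
        """Return "ok" if the request may proceed to parsing, else a rejection reason.

        Checks are ordered cheapest first, so a flood of oversized submissions is
        refused on a length comparison and never ties up a parser thread or memory."""
        now = time.monotonic() if now is None else now
        if len(bytecode) > MAX_BYTECODE_BYTES:
            return "rejected: bytecode exceeds size limit"
        recent = [t for t in self.history.get(source, []) if now - t < 60.0]
        if len(recent) >= MAX_PER_SOURCE_PER_MIN:
            self.history[source] = recent
            return "rejected: per-source rate limit"
        # Non-blocking acquire: when every parse slot is busy, shed load instead of queueing.
        if not self.slots.acquire(blocking=False):
            return "rejected: parser busy, retry later"
        self.history[source] = recent + [now]
        return "ok"

    def release(self) -> None:
        """Call when parsing finishes, on success or failure, to free the slot."""
        self.slots.release()
```

A parse that can run for ten minutes also needs a wall-clock timeout inside the slot, which this gate leaves to the parser itself.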
One Malicious PC Could Have Crippled the Cryptocurrency
First reported on January 13th, Tron didn’t disclose the bug until May 2nd. Presumably, they implemented a patch in the meantime. The last version of Tron was released on April 9th.
According to the bug reporter, the “impact” of the bug was:
“Using a single machine, an attacker could send a DDOS attack to all or 51% of the SR nodes and render Tron network unusable or make it unavailable.”
Tron Foundation has neglected to blog on the subject, which would seem a serious matter to anyone who believes in the Tron network. According to the Next Web, cryptocurrency projects have paid out a total of $878,000. Numerous crypto companies use the HackerOne platform to encourage white hat hackers to disclose flaws discovered in…