- Qihoo 360 detects vulnerability in the EOS platform.
- EOS is set for mainnet launch for 6 PM of June 2nd EDT time.
Chinese security giant, Qihoo 360 has found a “series of epic vulnerabilities” in the EOS platform. This challenge comes before the EOS team just before its mainnet launch scheduled for 2nd June.
According to Weibo (Chinese Twitter) of Qihoo 360, reported about bugs to the EOS team. As per the information released by the 360, if this bug in the code is not fixed attacker can deploy smart contracts to this vulnerable code. Which will eventually infect EOS supernode, allowing the deployed contract to get executed and trigger a security bug. The thing is that once the contract is included in a new block, it carries the potential to attack all full nodes including backup nodes, exchanges, and wallets nodes.
In receiving the alert from Qihoo 360, EOS team has responded to the same with enthusiasm, announcing that they won’t launch the EOS network until these issues are fixed. As of now, there hasn’t been any news on the rescheduling of mainnet launch dated 6 PM of June 2nd EDT time, which leaves them with four days in hand to deal with the vulnerability.
On their Weibo, security company urges teams and companies in this industry to pay more attention and get cautious about the security of blockchain projects, as vulnerabilities can be found on other cryptocurrencies in future.
1/ Chinese Internet security giant 360 has found “a series of epic vulnerabilities” in the #EOS platform. Some of the bugs allow arbitrary code to be executed remotely on EOS nodes and even taking full control of the nodes.
Source (in Chinese): https://t.co/pt6nj6EodP
— cnLedger [Not giving away ETH] (@cnLedger) May 29, 2018
tianyangi, posts in reddit, saying that,
I just checked EOS Github issues and I don’t see any mentions of this bug. How did the 360 team submit their issue and who did they submit to? https://github.com/EOSIO/eos/issues