Security Audit Firm Discovers Critical Vulnerability in EOS Smart Contract System
Chengdu LianAn Technology Co (LianAn Tech) and its research platform VaaS (Verification as a Service), part of the EOS.CYBEX group, have identified a critical vulnerability embedded in the EOS smart contract architecture.
The flaw is strikingly similar to the ‘batchOverflow’ bug that crippled a long list of ERC-20 tokens, most prominently BeautyChain (BEC), eventually leading to the suspension of trading and withdrawals of all ERC-20 tokens across most major exchanges this past week.
The batchOverflow exploit took advantage of a set of rather innocuous lines of code in which the variable ‘amount’ is computed by multiplying the variables ‘cnt’ and ‘value’.
Hackers simply set the value of the amount variable to eight vigintillion. Passing this outrageously large number through the code caused it to overflow, granting the wallet targeted by the hackers an ungodly number of tokens every time.
And because the law of smart contracts deems anything ratified by code to be completely valid, each transfer was legitimate, allowing for the generation of practically unlimited tokens out of thin air.
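The arithmetic behind the bug, as an added example that is not from the article or from any LianAn Tech, BEC or EOS code: a simplified batch-transfer ledger that computes amount = cnt * value with wrapping arithmetic next to a hardened version that refuses the transfer when the product overflows. Balances are 64-bit here rather than Solidity's uint256, so the wrap-around happens at 2^64; the function and ledger names are invented for the example.

```cpp
// Added example (not from the article or from LianAn Tech/EOS code): a
// simplified batch-transfer ledger showing the batchOverflow pattern
// amount = cnt * value, with 64-bit balances instead of uint256.
#include <cstdint>
#include <map>
#include <string>
#include <vector>

using Balance = std::uint64_t;
using Ledger = std::map<std::string, Balance>;

// Vulnerable form: the product wraps silently, so a large 'value' can make
// 'amount' tiny (even 0). The balance check then passes and every receiver
// is still credited the full 'value'.
bool batch_transfer_unchecked(Ledger& ledger, const std::string& sender,
                              const std::vector<std::string>& receivers,
                              Balance value) {
    Balance cnt = receivers.size();
    Balance amount = cnt * value;            // wraps on overflow
    if (ledger[sender] < amount) return false;
    ledger[sender] -= amount;
    for (const auto& r : receivers) ledger[r] += value;
    return true;
}

// Hardened form: reject the call when cnt * value does not fit in Balance.
// __builtin_mul_overflow (GCC/Clang) returns true if the product overflowed.
bool batch_transfer_checked(Ledger& ledger, const std::string& sender,
                            const std::vector<std::string>& receivers,
                            Balance value) {
    Balance cnt = receivers.size();
    Balance amount;
    if (__builtin_mul_overflow(cnt, value, &amount)) return false;
    if (ledger[sender] < amount) return false;
    ledger[sender] -= amount;
    for (const auto& r : receivers) ledger[r] += value;
    return true;
}

// Constructed scenario: the sender holds 100 tokens; two receivers are each
// given 2^63 tokens, so cnt * value = 2^64, which wraps to 0 in 64 bits.
// Returns receiver "a"'s balance afterwards: 2^63 unchecked, 0 when checked.
Balance run_scenario(bool checked) {
    Ledger ledger{{"sender", 100}};
    std::vector<std::string> receivers{"a", "b"};
    Balance huge = Balance{1} << 63;
    if (checked) batch_transfer_checked(ledger, "sender", receivers, huge);
    else         batch_transfer_unchecked(ledger, "sender", receivers, huge);
    return ledger["a"];
}
```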
LianAn Tech took a close look at the batchOverflow exploit and then examined the EOS blockchain smart contract architecture using integer overflow vulnerability detection and security verification. It found that smart contracts on the EOS blockchain are subject to almost exactly the same vulnerability.
Whether this is proof that the EOS.CYBEX collaborative effort is working as intended, or that the EOS platform still needs extensive work before it can truly rival smart contract pioneer Ethereum, remains to be seen.
EOS’s market cap has reached an incredible high of US$18.6 billion this month, up from US$4.5 billion at the start of April – an increase of over 400%. That’s almost as high as the peak valuation of Elon Musk’s SpaceX, which has been valued at as much as US$23.7 billion this year.