Security Audit Firm Claims Vulnerability in EOSIO Smart Contract System Is Due To Poor Coding

General News
May 1, 2018 by Sandra Onyeiwu
According to a report, a security audit firm claims to have discovered a “critical vulnerability” in EOS’s smart contract structure through its research platform, Verification as a Service (VaaS). It is reported to be the same kind of bug as the recent “batchOverflow” bug that paralyzed many ERC-20 tokens on Ethereum.


The team at Chengdu LianAn Technology Co (LianAn Tech) and its research platform VaaS (Verification as a Service) say they have proved that EOSIO is Turing complete and can reproduce any logic, including the logic behind the batchOverflow bug.

“There is nothing a smart contract platform can do to prevent developers from making mistakes,” wrote Larimer. “Such mistakes are not security vulnerabilities in the underlying platform.” He goes on to suggest several different ways to prevent such problems.

That said, developers who adopt good conventions have much better options available to them. One of those options is a “smart integer” wrapper that automatically checks for this type of overflow without adding any extra noise to the code.

While Larimer may have a point, it can also be argued that the amount of esoteric knowledge required to create a smart contract on the EOS blockchain may leave less technically skilled users in the dust.

A simple typedef could convert unsafe code into safe code that fails if any overflow occurs. The combination of C++ templates and operator overloading means that using safe math is as seamless as using unsafe math.
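The following is an added illustration of the “smart integer” typedef idea, written for this article rather than taken from LianAn Tech, Block.one or the EOSIO code base. It wraps an unsigned integer in a template class whose overloaded operators detect wraparound and throw, then shows the batchOverflow pattern (total = receivers × value, followed by a balance check) once with the raw type and once with the wrapper, so that the only difference between the unsafe and safe versions is the typedef. The names `safe_uint`, `unsafe_authorize` and `safe_authorize` are constructed for the example, the values are 64-bit rather than the 256-bit EVM arithmetic involved in the original bug, and the overflow checks rely on the GCC/Clang `__builtin_*_overflow` intrinsics.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <type_traits>

// Added example (not LianAn's or Block.one's code): a minimal "smart integer"
// wrapper of the kind the article describes. Overloaded operators check for
// wraparound and throw instead of returning a wrapped value. The wrapper holds
// 64-bit values; batchOverflow itself involved 256-bit EVM arithmetic, but the
// wraparound mechanics are the same. __builtin_*_overflow are GCC/Clang builtins.
template <typename T>
class safe_uint {
    static_assert(std::is_unsigned<T>::value, "demo covers unsigned integers only");
    T v_;

public:
    constexpr safe_uint(T v = 0) : v_(v) {}
    constexpr T value() const { return v_; }

    friend safe_uint operator+(safe_uint a, safe_uint b) {
        T r;
        if (__builtin_add_overflow(a.v_, b.v_, &r))
            throw std::overflow_error("addition overflow");
        return safe_uint(r);
    }
    friend safe_uint operator-(safe_uint a, safe_uint b) {
        T r;
        if (__builtin_sub_overflow(a.v_, b.v_, &r))
            throw std::overflow_error("subtraction underflow");
        return safe_uint(r);
    }
    friend safe_uint operator*(safe_uint a, safe_uint b) {
        T r;
        if (__builtin_mul_overflow(a.v_, b.v_, &r))
            throw std::overflow_error("multiplication overflow");
        return safe_uint(r);
    }
};

// The typedef is the only thing that changes between the two versions below.
using amount_t = std::uint64_t;                    // raw type: wraps silently
using checked_amount_t = safe_uint<std::uint64_t>; // wrapper: throws on overflow

// batchOverflow pattern: total = receivers * value, then check the sender's
// balance. With raw arithmetic, 2 * 2^63 wraps to 0, so a zero-balance sender
// passes the check.
bool unsafe_authorize(amount_t balance, amount_t receivers, amount_t value) {
    amount_t total = receivers * value;  // silent wraparound
    return total <= balance;
}

// Same expression with the wrapper: the multiplication throws before the
// balance check can be fooled. Returns true if the batch is within balance.
bool safe_authorize(amount_t balance, amount_t receivers, amount_t value) {
    checked_amount_t total = checked_amount_t(receivers) * checked_amount_t(value);
    return total.value() <= balance;
}

// Convenience: report whether the checked version rejected the batch by throwing.
bool safe_authorize_rejects(amount_t balance, amount_t receivers, amount_t value) {
    try {
        safe_authorize(balance, receivers, value);
        return false;
    } catch (const std::overflow_error&) {
        return true;
    }
}

int main() {
    const amount_t huge = amount_t(1) << 63;
    std::cout << std::boolalpha
              << "raw arithmetic authorizes 2 x 2^63 from a zero balance: "
              << unsafe_authorize(0, 2, huge) << '\n'
              << "checked arithmetic rejects the same batch: "
              << safe_authorize_rejects(0, 2, huge) << '\n';
    return 0;
}
```

Because the wrapper converts from and exposes the underlying integer, existing code compiles unchanged after the typedef is switched; what changes is that an overflow now aborts the transaction instead of producing a wrapped total that the balance check accepts.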
