An EOS vulnerability was discovered that could have potentially caused the EOS mainnet launch to be delayed.
The 360 Vulcan team from Qihoo 360, a Chinese internet security firm, discovered the vulnerability and reported it to the EOS team to take immediate action. The 360 Vulcan team released a report (English version) detailing what they had discovered.
The EOS Vulnerability
In short, the EOS vulnerability would allow an attacker to build a smart contract with malicious code and infiltrate the EOS mainnet with it. EOS supernodes would put the malicious smart contract, without being aware that it is malicious, into all new EOS blocks. The malicious code would then spread to all nodes on the network and wreak havoc, giving the attacker full control of the entire network.
With full control of the EOS network, the attacker would have access to all data. They would be able to steal private keys, control transactions, and infiltrate wallets and exchanges.
“The series of new security vulnerabilities discovered by the 360 security team in the smart contract virtual machine on the EOS platform is a series of unprecedented security risks. Security researchers have not found such problems before. This type of security issue affects not only EOS but also other types of blockchain platforms and virtual currency applications.” the report stated.
The report also expressed hope that this discovery would lead to enhanced security of the entire blockchain network, not just of EOS, but of all blockchain projects out there.
EOS Takes Action
Qihoo 360 quickly reported the issues they had discovered to Dan Larimer and the EOS team.