Details! Analysis of EOS Mortgage loophole.


In response to the EOS vulnerability reported some time ago, the security team of Zhang Dongyi, founder and CTO of Digital Comet Technology, disclosed the full review details to Lianwen ChainNews, hoping that everyone will raise their security awareness without panicking too much, and treat the security issue correctly.

I. Overview of events.
In the early morning of June 22, the official EOS community announced that an EOS vulnerability had been found and that tokens users had mortgaged (staked) for voting could not be redeemed until the vulnerability was fixed. We then verified the vulnerability based on the relevant information and confirmed that it exists: until it is fixed, a specified user's assets can be mortgaged indefinitely through a carefully constructed attack and cannot be redeemed.

EOS uses the DPoS consensus mechanism, in which 21 super nodes are elected by vote to maintain the EOS network and to provide computing power, bandwidth and storage space for it. Voting does not consume EOS, but the EOS is locked. A user can apply to redeem the mortgage at any time; the EOS arrives in the account 72 hours after the application for redemption, and the corresponding votes are deducted at the same time.

The vulnerability occurs during the EOS redemption process. If another user mortgages EOS to a user who is redeeming, the system first re-mortgages the EOS that is in the redemption process. Redeemed EOS takes 72 hours to arrive, so, as stated above, a well-constructed attack can theoretically keep the specified user's assets mortgaged indefinitely, causing serious harm to that user.

II. Vulnerability attack process.
Suppose that the attacked user has 0.0005 EOS in the process of redemption.

At this time, the attacker mortgages 0.0001 EOS to the redeeming user.

After the transaction took effect, we saw that the attacker's balance had not changed, because 0.0001 EOS of the amount the redeeming user was in the process of redeeming was forcibly mortgaged again.

III. Analysis of the vulnerability principle.
The attack commands in the attack flowchart are the following:

Because the attacker adds the --transfer parameter when invoking the command, the mortgage function delegatebw calls the changebw function with transfer set to true.

When the transfer variable is true, the from address becomes the address of the attacked user.

Next, the information of the attacked user is modified, and the EOS is mortgaged again.

IV. Vulnerability mitigation plan.
Based on the above analysis, the Digital Comet team suggests altering some of the business logic to mitigate and fix the mortgage loophole.

1. Regardless of whether the transfer parameter is true, the amount should be deducted directly from the balance of the mortgage initiator (the redemption process is not subject to this restriction).

2. Sort out the relevant business logic and review whether there are similar loopholes.
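
The attack flow and the first mitigation item described above, as a simplified ledger model added here for illustration; it is not the EOSIO system contract code or the Digital Comet team's code. The Account fields, the function names delegate_vulnerable and delegate_fixed, and the integer units of 0.0001 EOS are assumptions made for the example.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

// Simplified model (assumption): amounts are integer units of 0.0001 EOS.
struct Account {
    int64_t liquid = 0;     // spendable balance
    int64_t staked = 0;     // mortgaged (locked) EOS
    int64_t refunding = 0;  // EOS in the 72-hour redemption process
};
using Ledger = std::map<std::string, Account>;

// Flawed flow described above: with transfer == true, "from" becomes the
// receiver, so the receiver's pending redemption is re-mortgaged first and
// the initiator pays only what the redemption does not cover.
bool delegate_vulnerable(Ledger& l, const std::string& from,
                         const std::string& receiver, int64_t amount, bool transfer) {
    const std::string& owner = transfer ? receiver : from;  // from = receiver
    int64_t reused = std::min(l[owner].refunding, amount);
    if (amount <= 0 || l[from].liquid < amount - reused) return false;
    l[owner].refunding -= reused;       // pending redemption shrinks
    l[from].liquid -= amount - reused;  // initiator pays only the remainder
    l[receiver].staked += amount;       // and the EOS is locked again
    return true;
}

// First mitigation item suggested above: whatever the transfer flag says,
// the full amount comes out of the initiator's balance, and the pending
// redemption of another account is never touched.
bool delegate_fixed(Ledger& l, const std::string& from,
                    const std::string& receiver, int64_t amount, bool /*transfer*/) {
    if (amount <= 0 || l[from].liquid < amount) return false;
    l[from].liquid -= amount;
    l[receiver].staked += amount;
    return true;
}

int main() {
    // Constructed sample matching the walk-through: 0.0005 EOS redeeming, 0.0001 EOS sent.
    Ledger l;
    l["victim"].refunding = 5;
    l["attacker"].liquid = 10;
    delegate_vulnerable(l, "attacker", "victim", 1, true);
    std::cout << "vulnerable: attacker liquid=" << l["attacker"].liquid
              << " victim refunding=" << l["victim"].refunding << "\n";
}
```
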
V. Vulnerability analysis summary.
The above analysis shows that, through a carefully constructed attack, a specified user's assets can be mortgaged indefinitely and cannot be redeemed. Applying the mitigation steps to the code can effectively mitigate and fix the vulnerability.

VI. Reference.
https://github.com/EOSIO/eos/issues/4273

Digital Comet Technology focuses on the ecological security of blockchain and works to solve blockchain security problems across the whole network. The team members come from the world's top cyber security attack and defense teams, and the core technical staff have contributed security work to 360, Alibaba, SUN China Institute of Executive, and state ministries, identifying in a timely manner loopholes exploited by foreign organizations to steal sensitive national information and proposing temporary solutions.

The team has obtained various national patents and has many times submitted, on well-known local vulnerability platforms, major loopholes that could leak the data of tens of millions of citizens. The primary competence of Digital Comet Technology is security services for blockchain companies, acting as an escort for companies in the blockchain ecosystem.