05/28 – 06/03
- Total market cap reached $347.24 bn (a 6.4% increase), while 7-day trading volume rebounded by 3.7% for the top 100 cryptocurrencies
- 7 June: ADA to release roadmap update
- 9 – 10 June: EOS to host Global Blockchain Hackathon in Hong Kong
THOUGHTS OF THE WEEK
This week has been a real rollercoaster for EOS. On 29 May, the Vulcan team of Qihoo 360 published a report detailing security loopholes found in EOS’ codebase. As noted in our Chart of the Week, EOS’ price dipped to 0.001526 BTC on 29 May. However, the loophole was promptly resolved by EOS’ development team and EOS’ price recovered to 0.002 BTC on the official release of EOSIO 1.0.
This security incident was caused by a buffer out-of-bounds write vulnerability in the WASM contract function of EOS. In particular, developers use the function “assert” to check the “offset” field to ensure that elements are stored into the function table correctly when designing smart contracts in EOS. However, “assert” is compiled out of release builds, so the check was not performed in the proposed EOS release build. This would have allowed attackers to control the entire EOS network remotely by publishing a new block containing malicious smart contracts, enabling the manipulation of transactions, theft of user private keys, and mining of other cryptocurrencies. This security loophole was addressed by Daniel Larimer in issue 3498 published on GitHub, where it was stated that “FC_ASSERT” should be used for checking instead. We believe that raising rewards in bug bounty programs and hiring external security experts to perform audit checks on blockchain platforms can mitigate security risks of platform tokens in the future.
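The failure mode described above, as an added C example (a constructed model, not EOS source code or code from the report): a bounds check written only as an assert disappears when the build defines NDEBUG, while an always-on check rejects the same input. RELEASE_ASSERT, the table layout and all function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not EOS source: the logical function table is the first
 * TABLE_SIZE slots of a larger backing array; the rest hold a canary, so an
 * out-of-bounds write stays inside memory this demo owns and can be counted. */
#define TABLE_SIZE 4
#define BACKING    16
#define CANARY     0xC0FFEEu
/* What assert(cond) expands to when NDEBUG is defined (release build). */
#define RELEASE_ASSERT(cond) ((void)0)

static uint32_t mem[BACKING];

static void reset(void) {
    for (size_t i = 0; i < BACKING; i++) mem[i] = (i < TABLE_SIZE) ? 0 : CANARY;
}

/* Before: the only bounds check is an assert, which the release build drops. */
static int init_table_assert_only(size_t offset, const uint32_t *seg, size_t n) {
    RELEASE_ASSERT(offset + n <= TABLE_SIZE);
    for (size_t i = 0; i < n && offset + i < BACKING; i++) /* demo backstop */
        mem[offset + i] = seg[i];
    return 0;
}

/* After: an always-on check (the role the page gives FC_ASSERT), written so
 * that offset + n cannot wrap around. Rejects with -1 and writes nothing. */
static int init_table_checked(size_t offset, const uint32_t *seg, size_t n) {
    if (offset > TABLE_SIZE || n > TABLE_SIZE - offset) return -1;
    memcpy(&mem[offset], seg, n * sizeof seg[0]);
    return 0;
}

/* Number of slots past the logical table that no longer hold the canary. */
static size_t corrupted_slots(void) {
    size_t c = 0;
    for (size_t i = TABLE_SIZE; i < BACKING; i++) c += (mem[i] != CANARY);
    return c;
}

int main(void) {
    const uint32_t seg[3] = {11, 22, 33};      /* constructed element segment */
    reset(); init_table_assert_only(3, seg, 3);
    size_t before = corrupted_slots();         /* slots 4 and 5 overwritten */
    reset(); int rc = init_table_checked(3, seg, 3);
    return !(before == 2 && rc == -1 && corrupted_slots() == 0);
}
```

The program exits with status 0 when the assert-only path has overwritten two slots beyond the table and the checked path has rejected the same segment without writing.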
We also observe that the battle over scalability has been heating up among platform protocols this week. While an EOSIO Blockchain can support 1,000 TPS with the potential of reaching 1mn TPS via IBC, Vitalik B. of Ethereum claimed that the Ethereum network will be able to achieve 100mn TPS, potentially with the aid of second-layer solutions such as Sharding and Plasma. Scalability continues to be a top priority for platform protocol developers in the near term.
© 2018 Standard Kepler