A critical security flaw was discovered in the TRON network, which had the potential to render the ecosystem blockchain unusable.
Developed by the Tron Foundation, TRON's native cryptocurrency TRX was launched in 2017 and has a market capitalization of $1.61 billion.
According to a recently published and publicly released HackerOne tips for bug bounty program, as Next Web noted, a wave of requests sent by a single computer could be used to squeeze blockchain processor power, overload memory, and carry out an attack. distributed denial of service (DDoS).
The opinion states that "using a single machine, an attacker could send DDOS attacks to all or 51% of Super Representative (SR) and render the Tron network unusable or unavailable."
The vulnerability is labelled as "high", with a severity rate of 7 to 8.9.
To exploit the issue, an attacker would send a post to /wallet/deploycontract, a means of requesting the deployment of a Tron blockchain contract. Each request had to contain a few megabytes of bytecode
.
With enough requests, ranging from 1,000 to 10,000 depending on available memory, a single system could take up all the request slots and cause DDoS, preventing legitimate users from accessing the network.
The security flaw was revealed by the bounty hunter. Danish shrestha in January for the Tron Foundation, resulting in a $1,500 bug bounty.
Separately, there was another security flaw affecting the TRON network revealed this month, earning researcher Jacob Wood $3,100. However, no details of the vulnerability have been published.
Bug bounty programs are a means of outsourcing cybersecurity expertise. HackerOne and Bugcrowd are two of the most popular bounty hunting platforms, and both are used by companies around the world to improve the security of their products.
Startups based on blockchain technology and cryptocurrencies are also present on these platforms. Last year, a single security researcher managed to earn at least $80,000 in just 24 hours by finding and reporting vulnerabilities affecting the EOSIO blockchain and Eos.js libraries.
A whole cryptocurrency ecosystem can become unusable due to a single fault, as the TRON blockchain vulnerability has shown. However, it's not just security flaws that can put investors' cryptocurrencies at risk.
In February, $136 million worth of cryptocurrency was frozen after the death of the CEO of QuadrigaCX. The executive was the only one who had access to the company's cold wallet and without access credentials from him, the funds are believed to be permanently lost and the trading platform has now been forced to do so.
