TRON (TRX) has been one of the most innovative and modern projects in the entire crypto/blockchain space, and as such, it received a lot of praise during the past year. However, according to new data delivered by HackerOne, it appears that the network is not as flawless as it first appeared. In fact, the entire network could have been crashed by a single PC.
Bytecode attack that could have crashed the entire network
Since it was discovered, the vulnerability was dubbed the ‘bytecode’ attack. Simply put, this method requires the use of a large piece of bytecode that has the potential to consume TORN network’s resources, and potentially even completely shut it down, thus making it unable to process transactions or smart contracts.
The report claims that a single request to submit a post with a several megabytes-large bytecode, in addition to the CPU-intensive long parsing might have consumed the CPU for 10 minutes, while still holding the bytecode in a heap. The method could have easily led to a DDoS attack.
The TRON Foundation allegedly knew that there is some sort of a vulnerability, which is why they paid $1,500 to security researchers, tasking them to find it. At this point, the flaw appears to be resolved. However, the revelation remains shocking, especially for those involved with the cryptocurrency.
The issue was seemingly first reported around January 13th of this year, but TRON did not reveal it to the public until less than a week ago, on May 2nd. The Foundation used this span of a few short months to patch the bug, most likely with TRON’s latest version, issued about a month ago, on April 9th.
The report of the bug stresses the fact that a single computer could have caused a DDoS attack that would affect at least 51% of the network’s nodes. At worst, all of them would have crashed, thus making the network unavailable for an unknown period.
The blockchain-crashing bug worth only $1,500
So far, the TRON Foundation has not issued an official report of the matter, despite its severity and a massive impact on everyone involved. Of course, TRON is known for using platforms like HackerOne for hunting bugs, and many other crypto projects are doing the same. So far, it is estimated that various projects have paid around $878,000 to white hat hackers who managed to locate serious flaws that might damage different projects.
While $1,500 is a considerable amount, many believe it to be quite small, considering the size and severity of the flaw. If it were discovered by an unfriendly entity, it could have completely crashed one of the most popular and fastest-advancing blockchains in the industry. Estimates claim that the TRON network currently has the value of around $1.6 billion, while the project sees a daily trading volume of around half that amount.
While TRON’s price has not been a top performer in the recent period, it would have likely gone down considerably if the vulnerability was discovered by hostile entities. Not to mention other consequences, such as getting delisted on exchanges, or damaging the total market cap and reputation of the rest of the crypto space.
However, it should be noted that the flaw would not let anyone steal TRX coins, and the only way for hackers to profit from it would be from shorting after the network had crashed. Even that would be difficult, as not a lot of exchanges offer margin trading for altcoins. In other words, the only way to make a profit from the bug was to report it and get the $1,500 reward.
For the latest cryptocurrency news, join our Telegram!
Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Global Coin Report and/or its affiliates, employees, writers, and subcontractors are cryptocurrency investors and from time to time may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency and read our full disclaimer.
Like what you read? Give us one like or share it to your friends