Bug on TRON could have allowed a single computer to crash the network


A high-severity bug on the TRON network could have allowed an attacker with a single computer to crash the network, as first reported by TNW. The fault stems from a vulnerability related to spamming smart contracts.

On Jan. 13th, software engineer Danish Shrestha reported a bug to TRON that would have allowed an attacker to conduct a distributed-denial-of-service attack on the TRON blockchain.

“Using a single machine an attacker could send DDOS attack to all or 51% of the SR [super representative] nodes and render Tron network unusable or make it unavailable.”

The bug stems from one type of computationally intensive operation, which takes 2-3 minutes for a modern MacBook Pro to process. A particular type of smart contract deployment on TRON’s wallet required six of these operations. In combination, these deployments had the potential to bog down the TRON blockchain.

By spamming these smart contract deployments, it was possible to overwhelm the TRON network, clogging up available CPU and memory—rendering the blockchain unusable.

The exploit is similar to other types of denial-of-service (DoS) attacks. Simple attacks like spamming transactions or smart contract requests make it possible to overwhelm the resources of a network and make it inaccessible.


Networks like Bitcoin and Ethereum add a cost to transactions to prevent this simple kind of attack (although there are many other types), while XRP Ledger has a cost attached to creating new addresses for similar reasons. Networks are vulnerable if resources are too cheap or free.
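The following added example (not TRON's code or its fix) models the point above: a node that prices CPU and checks the fee before executing bounds the work one sender can queue, while a node with free resources does not. The `Node` class, the per-request ceiling, and the 150-second midpoint for the article's "2-3 minutes" figure are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Figures from the article: one expensive operation costs 2-3 minutes of CPU
# (150 s is an assumed midpoint) and one deployment needs six of them.
EXPENSIVE_OP_CPU_SECONDS = 150
OPS_PER_DEPLOYMENT = 6


@dataclass
class Node:
    """Hypothetical node that meters work before executing it."""
    price_per_cpu_second: int         # 0 models free resources
    max_cpu_seconds_per_request: int  # hard ceiling per request (assumed)
    balances: dict = field(default_factory=dict)
    admitted_cpu_seconds: int = 0

    def admit(self, sender: str, expensive_ops: int) -> bool:
        """Accept or reject a deployment BEFORE spending any CPU on it."""
        cost_cpu = expensive_ops * EXPENSIVE_OP_CPU_SECONDS
        if cost_cpu > self.max_cpu_seconds_per_request:
            return False  # too expensive regardless of who pays
        fee = cost_cpu * self.price_per_cpu_second
        if self.balances.get(sender, 0) < fee:
            return False  # sender cannot pay for the work requested
        self.balances[sender] = self.balances.get(sender, 0) - fee
        self.admitted_cpu_seconds += cost_cpu
        return True


def simulate_submissions(node: Node, sender: str, requests: int) -> int:
    """Submit the same deployment repeatedly; return how many were admitted."""
    return sum(node.admit(sender, OPS_PER_DEPLOYMENT) for _ in range(requests))


def compare_policies(requests: int = 1000, balance: int = 4500):
    """Return (admitted, queued CPU seconds) for a free and a priced node."""
    free = Node(price_per_cpu_second=0, max_cpu_seconds_per_request=10_000)
    priced = Node(price_per_cpu_second=1, max_cpu_seconds_per_request=10_000,
                  balances={"sender-a": balance})  # constructed sample account
    free_ok = simulate_submissions(free, "sender-a", requests)
    priced_ok = simulate_submissions(priced, "sender-a", requests)
    return ((free_ok, free.admitted_cpu_seconds),
            (priced_ok, priced.admitted_cpu_seconds))


if __name__ == "__main__":
    print(compare_policies())
```

With free resources every submission is queued, so the backlog grows with the number of requests; with pricing it is capped by the sender's balance.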

Something to keep in mind is that these kinds of bugs are not uncommon, especially for a system as complex as a blockchain protocol.

EOS is known for giving out large bug bounties to incentivize ethical hacking. Since blockchain protocols are oftentimes open-source, companies like TRON can leverage the community to discover vulnerabilities as people probe the code.

The TRON Foundation awarded Shrestha $1,500 for finding the bug and marked the issue resolved on Jan. 31st.


Mitchell Moos


Contributing Analyst @ CryptoSlate

Mitchell is a software enthusiast and entrepreneur. His first startup built algorithms for optimizing cryptocurrency mining. Prior to CryptoSlate, Mitchell was a project manager at a firm that built distributed software on Hyperledger. In his spare time he loves playing chess and hiking.
