Researchers Point out Major Flaws Affecting the EOS Network

Drama is becoming all too common in the world of cryptocurrency. There are a lot of genuine concerns regarding certain projects, especially when it comes to security and the code base. For EOS, a new security statement was issued which doesn’t bode well for the project in its current state.

The EOS Security Concerns

It is always good to see companies conduct a proper security audit of cryptocurrency projects prior to them being released to the public. In the case of EOS, the project has a massive valuation despite not having a mainnet as of right now. It is evident the value has been heavily inflated by speculation and hype, but it seems all of that will need to be put in check, at least for the time being.

A Medium post by EOSTribe indicates that there are a fair few security concerns regarding the EOS project. That is not necessarily all that surprising, considering that the project has not yet officially launched its mainnet. It is good to see all of these problems come to light prior to the live net launching, although it remains to be seen why these issues are present in the beta version of the EOS platform.

According to researchers, the EOS mainnet will become a “unique target for attack”. Given all of the money raised during the year-long initial coin offering, one would have expected the EOS team to place a strong focus on platform security. That is not entirely the case, though, as it is still relatively easy for malicious actors to cause major harm to this ecosystem. That’s mainly because the existing defenses aren’t sufficient to keep such attacks in check.

The majority of EOS’s functionality will be provided through plugins. While this modular approach is commendable, it also causes a fair few issues. These plugins handle most aspects of the network, including block generation and node connectivity. A node that is producing blocks should not be running any unnecessary plugins, but it remains to be seen if users will do so. In their current state, some of those plugins would allow the chain to be hacked.

As the researchers put it:

One particular plugin we have noticed is the net_api plugin, which provides an API which can be used to control the plugin remotely. If this API is exposed on a public network[,] then anyone with the ability to connect to this network can tell the block producers to disconnect from, or connect to, any other machine. This does not require anything close to a botnet. Without even being a part of the eos-bios network, a Mac Mini could disconnect every peer in the network.

Despite these glaring issues, there’s no reason to dump EOS tokens on the open market either. The problems can be solved with relative ease, and the EOS software will probably undergo major changes prior to being released to the public. Findings like these need to be taken in stride, as they are designed to make the EOS ecosystem more robust in the long run.