With the EOS bug-bounty still on going, ethical hackers and hard-working developers have located an awful lot of bugs within the new EOSIO network. This is possibly both a good thing and a bad thing for EOS and Block.one. First and foremost, EOS need these bugs to be uncovered and, if anything, it seems the bounty is paying off. On the flip side though, with so many bugs uncovered, it does make you wonder how much due diligence Block.one have carried out prior to launching EOSIO.
Either way, it does seem that EOSIO is as buggy as anything, so, before we see the full MainNet launched, we’ve got to see some pretty large-scale fixes rolled out. Once this is done and the creases are ironed out, EOS should be back on track for a big old roll out.
You can have a look at the number of vulnerabilities spotted on Hackerone- https://hackerone.com/eosio/hacktivity?sort_type=latest_disclosable_activity_at&filter=type%3Aall%20to%3Aeosio&page=1&range=forever
A quick scan of this list shows just how many bugs have been found, and, how recently they have been located too. Interestingly, you can also use this tool to see what pay-out each report has received. Bounties seem to range from a mere $250.00 to a potentially life changing $10,000.00. Moreover, a number of these reports taking $10,000.00 pay-outs have come from the same developers. One such developer goes by the name of Guido Vranken, according to TheNextWeb:
“Guido Vranken, the security researcher who won $120,000 in EOS bug bounty program earlier, has discovered another vulnerability in EOS. But more worryingly, it appears he is not the only one to have found new kinks in the network.”
“Vranken says the new flaw he discovered has to do with unbounded recursion in Binaryen WASM parsing. For those unfamiliar, unbounded recursion occurs when a function that calls itself from within enters an endless loop – until the computer runs out of resources and dies. This means that if anyone attempts to compile to web assembly (WASM) using the Binaryen compiler, their computer could go kaput.”
See the full report for yourself here-
We are pretty confident that EOS are going to allow this to take as much time as it needs in order to ensure that these bugs are located and dealt with. It seems they aren’t afraid to spend money in the process and generally, with such high bounties, we can assume this is something they are intent on fixing.
For now, we need to see how this develops and of course, we need to wait for the EOS community votes to start rolling in before we see EOSIO progress to the next stage.