EOS, the fifth-largest cryptocurrency in terms of capitalization, has made headlines in connection with a new issue. A new EOS bug has been discovered that allows stealing resources directly from a user. The resource in question is RAM, which is valuable in the EOS blockchain due to its scarcity. EOS is working on solving the issue and has provided a temporary fix in the meantime.
Why Would Someone Steal RAM?
The EOS blockchain aims to be a decentralized operating system and to allow the running of decentralized applications and smart contracts. Each decentralized application needs RAM to store data and the bigger the application, the more RAM it needs. However, until recently, RAM in the EOS blockchain has been limited to 64gb. Last month, EOS Authority approved a solution that would increase the amount of RAM gradually. In the meantime, RAM has become a valuable resource in the EOS ecosystem and users have been actively trading it. In this way, RAM has become a tradeable commodity with prices fluctuating based on demand and supply. According to the eos.feexplorer.io, 1kb of RAM currently costs 0.12 EOS, which translates into roughly 60 cents.
How the New EOS Bug Works?
According to a Reddit post, the new EOS bug involves a user running malicious code on their account. The code permits adding table rows in the name of another account that is sending them tokens. The users can then steal RAM by “inserting large amounts of garbage into rows when dapps/users send them tokens”.
The temporary solution proposed by EOS is for users to send their tokens through a proxy account which has no RAM. The account that has malicious code interacts only with the proxy account, keeping users’ RAM safe.
Not the First EOS Bug
Thank you. A couple more waiting to be rewarded. I think the final tally was $120K but I lost count. Took me about a week.
— Guido Vranken (@GuidoVranken) June 4, 2018
In addition to the issue of RAM scarcity, which has been discussed in the past, EOS has been hit with some other security flaws. EOS has an open bug bounty program and people who discover vulnerabilities can report them and earn a reward. In June, Dutch hacker Guido Vranken earned around $120,000 in a week by discovering bugs in the EOS blockchain.