More Than 40 Bugs Detected on Major Blockchain Platforms
According to reports submitted to the vulnerability disclosure platform HackerOne, security researchers reported forty-three different vulnerabilities on various cryptocurrency platforms in the past month. An investigation found that white hat hackers detected these bugs between February 13 and March 13.
Various types of vulnerabilities were reportedly found in some of the world’s largest cryptocurrency networks, including Brave, Coinbase, EOS, Monero (XMR), and Tezos.
The e-sports gambling platform Unikrn received more vulnerability reports than any other blockchain platform, with a total of 12 bugs flagged via its disclosure program. OmiseGo developer Omise came in second with six bug reports. EOS, one of the world’s largest platforms for creating decentralized applications (dApps), came in third with five vulnerabilities in its source code.
Tendermint, a P2P networking protocol and blockchain consensus algorithm, received four bug reports, followed by Augur and Tezos with three each. Monero, ICON, and MyEtherWallet received two bug reports each. The cryptocurrency exchange Coinbase, Crypto.com, Electroneum, and Brave Software received one each.
According to the report, it is entirely possible that some of the flaws are not related to the platforms’ cryptocurrency and blockchain functionality, as was the case with Brave Software, the developer of the semi-centralized “decentralized” Brave browser.
The related crypto and blockchain networks paid the security researchers a total of $23,675 in bounties for finding these bugs. Tendermint handed out the highest amount, $8,500, while the Unikrn team gave out only $1,375 despite having the highest number of bugs. EOS reportedly paid $5,500 to the researchers.
Apparently, most of the vulnerability reports are closed off from the public, and the details aren’t known. However, from the low compensation amount that was handed out, it can be ascertained that the bugs weren’t serious.
Block.one, though, revealed that four out of the five bugs found in their source code had to do with a buffer overflow flaw. The shortcoming made it possible to inject arbitrary code. The defect has since been resolved. Block.one is a Cayman Islands-registered blockchain platform which was an initial developer of EOS.