He found a dozen bugs in EOS. How many did he find in other coins?
In a few days an expert hacker found a dozen bugs in EOS, but that's not the only coin he's taken on.
Holland-based "fuzzer" Guido Vranken (fuzzing is a specific type of software QA testing) had a busy and profitable week with the EOS mainnet launch, pulling in about US$120,000 for picking up a dozen different bugs in the EOS software.
These probably aren't as devastating as the "epic" bug uncovered by security firm Vulcan 360 which would have allowed someone to remotely take complete control of the entire system, but they sure are numerous.
EOS was reportedly impressed enough with the findings that they made him a job offer on the spot. With a $4 billion year-long ICO they can probably make a very tempting offer, or just continue to offer $10,000 per bug found.
EOS isn't the first cryptocurrency Vranken has taken on, or the first he's found bugs in. He has also "fuzzed" bitcoin, Ethereum, Ripple, Stellar and Verge, as well as plenty of other non-crypto systems.
In a very cursory sort of way, the results provide an interesting way of comparing the cleanliness of different coins at a glance.
"Judging by the number of issues found (1) after extensive fuzzing, the Bitcoin code appears to be exceptionally well-written," he said of bitcoin. The bug he found wasn't even being used by bitcoin at the time, so didn't pose a security risk.
He's previously found similar "remote crash/memory" bugs in Ripple, Stellar and Ethereum, although they were apparently much less numerous than they were in EOS. He also took a brief look at Verge and quickly picked up an unknown number of vulnerabilities, but didn't bother disclosing them because Verge isn't offering a bug bounty.
Based on this alone, bitcoin might be exceptionally tidy, while Ripple, Stellar and Ethereum are also very polished. EOS might be a bit clumsier but is clearly dedicated to fixing its bugs, while Verge is just an ongoing disaster that knows it's vulnerable but doesn't care enough to spend money on fixing itself, and could probably be taken down at any time by anyone with enough know-how and care-how. Although as one commenter "joked", a bug bounty would probably bankrupt Verge.
It's worth remembering that finding bugs is a good thing on the whole because it means they've been fixed. As cryptocurrency consumers get savvier, scammers follow suit. Proper security audits can be expensive, but the number of bugs being found even in reputable projects highlights how important they are.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, NANO