
He found a dozen bugs in EOS. How many did he find in other coins?


In a few days an expert hacker found a dozen bugs in EOS, but that's not the only coin he's taken on.

Holland-based "fuzzer" Guido Vranken (fuzzing is a specific type of software QA testing) had a busy and profitable week with the EOS mainnet launch, pulling in about US$120,000 for picking up a dozen different bugs in the EOS software.

These probably aren't as devastating as the "epic" bug uncovered by security firm Vulcan 360, which would have allowed someone to remotely take complete control of the entire system, but they sure are numerous.

EOS was reportedly impressed enough with the findings that they made him a job offer on the spot. With a $4 billion year-long ICO they can probably make a very tempting offer, or just continue to offer $10,000 per bug found.



EOS isn't the first cryptocurrency Vranken has taken on, or the first he's found bugs in. He has also "fuzzed" bitcoin, Ethereum, Ripple, Stellar and Verge, as well as plenty of other non-crypto systems.

In a very cursory sort of way, the results provide an interesting way of comparing the cleanliness of different coins at a glance.

"Judging by the number of issues found (1) after extensive fuzzing, the Bitcoin code appears to be exceptionally well-written," he said of bitcoin. The bug he found wasn't even being used by bitcoin at the time, so it didn't pose a security risk.

He's previously found similar "remote crash/memory" bugs in Ripple, Stellar and Ethereum, although they were apparently much less numerous than they were in EOS. He also took a brief look at Verge and quickly picked up an unknown number of vulnerabilities, but didn't bother disclosing them because Verge isn't offering a bug bounty.

Based on this alone, bitcoin might be exceptionally tidy, while Ripple, Stellar and Ethereum are also very polished. EOS might be a bit clumsier but clearly dedicated to fixing it, while Verge is just an ongoing disaster that knows it's vulnerable but doesn't care enough to spend money on fixing itself, and could probably be taken down at any time by anyone with enough know-how and care-how. Although as one commenter "joked", a bug bounty would probably bankrupt Verge.

It's worth remembering that finding bugs is a good thing on the whole because it means they've been fixed. As cryptocurrency consumers get savvier, scammers follow suit. Proper security audits can be expensive, but the number of bugs being found even in reputable projects highlights how important they are.

These days, not offering a bug bounty and refusing to thoroughly audit oneself are the biggest red flags a project can wave.


Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, NANO

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
