LianAn Finds Batch Overflow Vulnerability in EOS Blockchain

May 1, 2018 by Cameron Bishop

Chengdu LianAn Technology Co (Chain Security), which provides security audits through its research platform VaaS (Verification as a Service), has identified a critical vulnerability in the EOS blockchain network that could lead to a situation similar to the one faced by the BeautyChain (BEC) token. Chengdu LianAn Technology Co is a tech firm incubated by EOS.CYBEX.

Last week, a batch overflow bug paralyzed several ERC-20 tokens, leading cryptocurrency exchanges to urgently suspend trading and withdrawals. These tokens, which follow the ERC-20 standard, calculate the value of the variable ‘amount’ by multiplying the values of the variables ‘cnt’ and ‘value’. This was exploited by attackers who set the value of the variable ‘amount’ to eight vigintillion.

This caused an overflow whenever the code ran. The output, a huge figure representing the number of tokens to be sent, was directed to the hackers’ wallet. Because smart contracts execute exactly as coded, the transaction stood as valid. The result was the creation of an unlimited supply of tokens from practically nothing.
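An added example, not code from the article or from any of the affected tokens: a Python model of the batch-transfer arithmetic described above under EVM uint256 semantics (256-bit wraparound), beside the SafeMath-style checked multiplication that rejects the wrapped product. Function and variable names are assumed for illustration, and the balances are constructed sample data.

```python
# Models the ERC-20 batchTransfer arithmetic (amount = cnt * value) with
# EVM uint256 semantics, and the checked form that refuses a wrapped product.
MASK = (1 << 256) - 1  # uint256 wraps modulo 2**256 in unchecked Solidity


def unchecked_mul(a, b):
    """Multiplication as an unchecked EVM MUL: the product wraps silently."""
    return (a * b) & MASK


def checked_mul(a, b):
    """SafeMath-style multiplication: returns None instead of a wrapped result."""
    if a == 0:
        return 0
    c = unchecked_mul(a, b)
    if c // a != b:  # SafeMath invariant: the product must divide back to b
        return None
    return c


def batch_transfer(balances, sender, receivers, value, checked):
    """Simulate batchTransfer(receivers, value) against a balance table.

    Returns True if the transfer was applied, False if it was rejected.
    `balances` is mutated in place. Hypothetical helper, not contract code.
    """
    cnt = len(receivers)
    if cnt == 0 or cnt > 20 or value == 0:
        return False
    amount = checked_mul(cnt, value) if checked else unchecked_mul(cnt, value)
    if amount is None:  # overflow caught by the checked version
        return False
    if balances.get(sender, 0) < amount:  # the only guard the buggy code had
        return False
    balances[sender] -= amount
    for r in receivers:
        balances[r] = balances.get(r, 0) + value  # each receiver gets `value`
    return True


def demo(checked):
    """Constructed sample: a sender holding 10 tokens, two receivers, and a
    `value` chosen so that cnt * value wraps to 0 in 256-bit arithmetic."""
    balances = {"sender": 10}
    value = 1 << 255
    ok = batch_transfer(balances, "sender", ["r1", "r2"], value, checked)
    return ok, balances
```

With `checked=False` the wrapped `amount` of 0 passes the balance guard and each receiver is credited 2**255 tokens; with `checked=True` the same call is rejected and no balance changes.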

When LianAn Tech investigated the EOS blockchain, it found a similar integer overflow vulnerability. The identification of the flaw can be seen either as the outcome of a successful collaborative effort by EOS.CYBEX or as a reminder that the EOS platform may need further tweaking of its code. At the time of writing, EOS was trading at $16.20, which represents a market capitalization of $13.42 billion.