Cornell Professor and Nick Szabo Heavily Criticize EOS for Bugs and Centralization

As CCN reported on May 29, the launch of the mainnet of EOS was delayed due to a critical bug found by China-based cybersecurity firm Qihoo 360. Emin Gün Sirer, a professor at the prestigious Cornell University, criticised EOS developers for not seeking assistance from consensus protocol experts.

Even after the mainnet launch, Sirer and other cryptocurrency experts including smart contracts pioneer Nick Szabo condemned EOS for its code and centralization issues.

Sirer Said EOS Problems Will Get Worse

In an official report in May, Qihoo 360 shared its conversation with EOS chief technical officer Daniel Larimer, disclosing the EOS out-of-bounds write vulnerability. According to the Qihoo 360 team, the vulnerability enables hackers to exploit and compromise the EOS Supernode.

“We found and successfully exploited a buffer out-of-bounds write vulnerability in EOS when parsing a WASM file. To use this vulnerability, an attacker could upload a malicious smart contract to the nodes server; after the contract gets parsed by the nodes server, the malicious payload could execute on the server and take control of it. After taking control of the nodes server, the attacker could then pack the malicious contract into a new block and further control all nodes of the EOS network,” said the Qihoo team.

The report from Qihoo 360 added that the team initially discovered the vulnerability on May 11 and exploited it on May 28. Qihoo 360 disclosed the vulnerability to the EOS team, which then “fixed” it and closed the issue on GitHub. However, on May 29, Qihoo 360 discovered that the vulnerability was not completely fixed and thus released its report to the public.

The vulnerability in the codebase of EOS left the blockchain network open to harsh criticism, primarily because EOS was expected to launch its mainnet on June 2, within the next five days.

Sirer, a renowned cryptocurrency researcher and Cornell University professor, stated that the situation of EOS “will get worse,” and emphasised that the bug bounty system created by EOS is not a practical way to find conceptual or structural errors in the protocol.

