The Tron Foundation disclosed a fixed critical vulnerability which could have crashed its blockchain on vulnerability disclosure platform HackerOne on May 2.
The disclosure explains that with enough malicious requests, an attacker could have filled up all the available memory and effectively perform a Distributed Denial of Service attack on the TRXnetwork by employing malicious code in a smart contract. The disclosure further explains the impact of such an attack:
“Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and render Tron network unusable or make it unavailable.”
The cybersecurity researcher who discovered and disclosed the vulnerability was given a bounty of $1,500. The issue was first reported on January 14, but has been publicly disclosed only recently, after it was already fixed.
As reported at the end of last year, white hat hackers were awarded $878,000 in bug bounties in 2018.
The largest country payer was reportedly Block.one. Major cryptocurrency exchange Coinbasewas the second-largest bounty spender at $290,381 while Tron was the third-largest, reportedly paying out $76,200 in 2018.
By the beginning of February 2019, EOS.io, the company responsible for the development of fourth-largest crypto by market cap eos, had already handed over bug bounties for five critical vulnerabilities this year.