Researchers Find Critical Vulnerability in TRON Which Could Crash Its $1.6B Cap Blockchain, Gets Just $1,500 Reward From TRON Foundation

The TRON Foundation has announced that a white hat hacker found a critical vulnerability that could have rendered the TRON blockchain unusable by performing what was described as “Distributed Denial of Service (DDoS) to all or 51% of the SR node.”

TRON disclosed the vulnerability through the platform HackerOne on May 2. The disclosure states that by sending enough malicious requests to hog computing resources and using a smart contract with malicious code, the hacker could have compromised the blockchain. The summary reads:

A single request to submit a post to /wallet/deploycontract with several megabytes of bytecode along with CPU-intensive long parsing will consume CPU for about 10 minutes while still holding several megabytes of bytecode in heap. With enough requests (let's say 1K-10K depending upon available memory), it's enough to use all the available threads to service incoming HTTP request, fill up the memory and render DDOS.
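The resource exhaustion in the summary above comes from two unbounded quantities: the size of each request body and the number of expensive parses running at once. The following is an added example, not code from the report or from TRON, sketching an admission gate that bounds both; the class name, limits and sample traffic are assumptions made for illustration.

```python
import threading

# All limits are illustrative assumptions, not TRON's actual settings.
MAX_BODY_BYTES = 256 * 1024     # reject larger deploy requests before buffering them
MAX_CONCURRENT_DEPLOYS = 4      # expensive parses allowed at once; the rest are shed


class DeployAdmission:
    """Decides whether a deploy-contract request may reach the expensive parser."""

    def __init__(self, max_body=MAX_BODY_BYTES, max_concurrent=MAX_CONCURRENT_DEPLOYS):
        self.max_body = max_body
        self.max_concurrent = max_concurrent
        self._slots = threading.BoundedSemaphore(max_concurrent)

    def admit(self, content_length):
        """Return an HTTP status: 200 admitted, 411/413 rejected, 503 shed."""
        if content_length is None:
            return 411          # no declared length: refuse to buffer blindly
        if content_length > self.max_body:
            return 413          # oversized bytecode never reaches the heap
        if not self._slots.acquire(blocking=False):
            return 503          # all parse slots busy: fail fast instead of queueing
        return 200

    def release(self):
        """Call when an admitted request finishes (success, error or timeout)."""
        self._slots.release()

    def worst_case_heap_bytes(self):
        """Upper bound on bytecode held in memory by admitted requests."""
        return self.max_body * self.max_concurrent


def simulate(requests, gate):
    """Run constructed (content_length, stays_in_flight) requests through the gate."""
    statuses = []
    for length, stays_in_flight in requests:
        status = gate.admit(length)
        statuses.append(status)
        if status == 200 and not stays_in_flight:
            gate.release()
    return statuses


# Constructed traffic: normal deploy, multi-megabyte body, no length, then 6 slow parses.
SAMPLE = [(20_000, False), (5_000_000, False), (None, False)] + [(50_000, True)] * 6

if __name__ == "__main__":
    print(simulate(SAMPLE, DeployAdmission()))
```

A declared length can be wrong, so a real server would also enforce the same byte cap while reading the body and put a time budget on the parse itself; neither is shown here.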

TRON has paid the white hat hacker $1,500 in bounties for discovering the bug. Bug bounties are a popular way for networks to discover vulnerabilities. In 2018, hackers earned nearly $1 million in bug bounties.