New EOS Vulnerability Allows Attackers to Steal RAM Resources Directly From Users

EOS, the cryptocurrency currently rounding out the top five digital assets by market capitalization, has made headlines for the wrong reasons yet again, as a fresh bug in its system was discovered yesterday. The vulnerability lets attackers deploy their own code to trick the EOS network into misallocating RAM resources.

EOS is a decentralized operating system hosting an ever-increasing number of decentralized apps (dApps). RAM is an essential resource within the system, as each dApp uses it to store data. The RAM supply on the EOS blockchain was capped at 64GB; last month, however, the network's block producers approved an update that increases the available RAM gradually, by 1KB per block.

In the meantime, scarcity has turned RAM into a much sought-after commodity on the EOS blockchain. Up until May, users were able to purchase RAM at a fixed price; the company behind EOS has since rolled out the EOSIO Dawn 4.0 update, which changed the marketplace to a supply-and-demand model.

This resulted in widely publicized RAM hoarding and speculation, which caused prices to skyrocket, with 1MB of RAM at one point costing 910 EOS ($8200 at the time). Prices have since stabilized, with 1MB going for around 125 EOS tokens at press time.

Back to the issue at hand: EOS Essentials has shed more light on the bug on GitHub, saying that “A malicious user can install code on their account which will allow them to insert rows in the name of another account sending them tokens. This lets them lock up RAM by inserting large amounts of garbage into rows when dapps/users send them tokens.”

A vulnerability in such a vital resource is undoubtedly a threat to the whole network, and thankfully the team quickly provided a temporary workaround. Users must send transactions through a “proxy” (an account with no RAM), so that there is no RAM of theirs for malicious code to lock up. Clearly, this is not a long-term solution but a quick fix to limit the damage until an emergency update is developed.

According to one of the main developers, speaking to Hard Fork, the only way to be affected by the bug is to initiate a transaction with the malicious account. César Rodriguez claimed that, “Every account (wallet) can have code, so every transaction could block your RAM. Just to make it clear, you need to send the transaction to the malicious account. It’s not that someone can block your account by sending something to you.”
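To make the mechanism behind the two quotes above concrete, here is an added illustrative model in Python; it is not EOS code and not from the EOS Essentials write-up. The account names, quotas and the 4 KB junk row are constructed, and the billing rule is simplified to one assumption: a row is charged to whichever account the receiving contract names as payer, and the transaction is rejected if that account is over quota. It shows why routing a transfer through a proxy that owns no RAM stops the sender's RAM from being locked up.

```python
from dataclasses import dataclass
from typing import Callable

class RamExceeded(Exception):
    """A row would push the billed account past its RAM quota."""

@dataclass
class Account:
    ram_quota: int                 # bytes the account has bought
    ram_used: int = 0
    on_transfer: Callable = None   # contract code notified when tokens arrive, if any

def store_row(accounts: dict, payer: str, nbytes: int) -> None:
    """Bill nbytes of table storage to payer; going over quota aborts the transaction."""
    acct = accounts[payer]
    if acct.ram_used + nbytes > acct.ram_quota:
        raise RamExceeded(f"{payer} cannot pay for {nbytes} bytes")
    acct.ram_used += nbytes

def transfer(accounts: dict, sender: str, receiver: str) -> None:
    """Deliver tokens and notify the receiver's code, which (this is the bug)
    may bill rows to the sender, who authorised the transaction."""
    handler = accounts[receiver].on_transfer
    if handler:
        handler(accounts, sender)

def garbage_handler(accounts: dict, sender: str) -> None:
    """Constructed malicious recipient: 4 KB of junk in a row paid for by the sender."""
    store_row(accounts, payer=sender, nbytes=4096)

def build_accounts() -> dict:
    return {
        "alice": Account(ram_quota=8192),
        "proxy": Account(ram_quota=0),    # the "account with no RAM"
        "badguy": Account(ram_quota=65536, on_transfer=garbage_handler),
    }

def direct_send_ram_lost() -> int:
    accounts = build_accounts()
    transfer(accounts, "alice", "badguy")      # badguy bills 4096 bytes to alice
    return accounts["alice"].ram_used

def proxied_send_ram_lost() -> int:
    """Route through the RAM-less proxy: badguy's junk row has no payer, so it is rejected."""
    accounts = build_accounts()
    transfer(accounts, "alice", "proxy")       # proxy runs no code, nothing is billed
    try:
        transfer(accounts, "proxy", "badguy")  # badguy tries to bill the proxy ...
    except RamExceeded:
        pass                                   # ... and the chain rejects the transaction
    return accounts["alice"].ram_used
```

In the direct case alice loses 4096 bytes of RAM; in the proxied case the malicious transfer fails outright and her usage stays at 0.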

EOS has been going through a rough patch lately, with numerous vulnerabilities and community issues hindering its development. Nonetheless, some have benefited from solving these problems: Dutch “ethical hacker” Guido Vranken earned $120,000 in one week after discovering a number of bugs in the EOS blockchain.

