Critical Vulnerability Eliminated in Tron Infrastructure

Last Modified: 21 May 2019 12:43:00
The Tron Foundation has published the details of a vulnerability that has since been fixed. This critical, high-severity issue was disclosed on HackerOne on May 2nd. By exploiting it, an attacker could attack the network infrastructure by sending a request only a few megabytes in size. This kind of attack is called a Denial of Service (DoS). In such attacks, the attacker consumes system resources such as memory by generating fake traffic and sending it to the victim, removing the system's ability to serve legitimate requests; the services are therefore no longer available to users. In the Tron network, each request locks a thread for an average of 10-12 minutes while its various fields are parsed. During that time, many megabytes sit in the heap waiting to be processed. If the number of requests grows large relative to the memory size (a thousand to ten thousand requests), they fill up memory and no new requests can be served. This is how a Denial of Service attack is mounted against the Tron infrastructure.
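As an added illustration (not code from the Tron project or the HackerOne report), the following Python simulation reproduces the resource-exhaustion pattern described above and contrasts it with two defensive limits: a size cap enforced before a body is buffered, and a bound on how many bodies may be held in memory during a slow parse. The request sizes, the parse delay and the limit values are constructed stand-ins, not Tron's real figures.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

def slow_parse(body: bytes, delay: float) -> int:
    """Constructed stand-in for a long field-by-field parse that pins a thread."""
    time.sleep(delay)
    return len(body)

class Server:
    """Minimal request handler that tracks how many request bytes are resident at once."""
    def __init__(self, max_body=None, max_inflight=None):
        self.max_body = max_body          # None = accept any size (vulnerable)
        self.sem = threading.BoundedSemaphore(max_inflight) if max_inflight else None
        self.lock = threading.Lock()
        self.held = 0                     # bytes currently buffered
        self.peak = 0                     # high-water mark of buffered bytes
        self.rejected = 0

    def handle(self, declared_len: int, body_src, delay: float = 0.01) -> int:
        # 1. Refuse oversized bodies using the declared length, before reading them into the heap.
        if self.max_body is not None and declared_len > self.max_body:
            with self.lock: self.rejected += 1
            return 413
        # 2. Bound how many bodies may be resident during the slow parse; fail fast (503)
        #    rather than queue, so memory stays proportional to max_inflight, not to load.
        if self.sem is not None and not self.sem.acquire(blocking=False):
            with self.lock: self.rejected += 1
            return 503
        body = body_src()                 # only now is the body materialised
        with self.lock:
            self.held += len(body); self.peak = max(self.peak, self.held)
        try:
            slow_parse(body, delay)
            return 200
        finally:
            with self.lock: self.held -= len(body)
            if self.sem is not None: self.sem.release()

def burst(server: Server, n: int = 100, size: int = 2 * 1024 * 1024,
          workers: int = 32, delay: float = 0.05) -> list:
    """Constructed flood: n concurrent requests, each declaring a size-byte body."""
    def one(_):
        return server.handle(size, lambda: b"A" * size, delay)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(one, range(n)))
```

On the unlimited server the high-water mark grows with the number of overlapping parses, while the limited server never holds more than max_inflight bodies of at most max_body bytes.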

The Tron blockchain was launched by Justin Sun in 2017. Today the platform supports a cryptocurrency called TRX in addition to offering smart contract services. The Tron Foundation paid a $1500 reward to the security researcher who reported this vulnerability. The vulnerability had first been reported on January 14th, but its publication, after the fix, took place only recently.

In addition to this vulnerability, another one was reported in the Tron network on HackerOne this month. Its details have not yet been published, but a $1300 reward was paid to the reporter.

According to TheNextWeb, white-hat hackers received $878,000 in 2018 for reporting vulnerabilities in various blockchain infrastructures. Paying rewards for vulnerabilities is one way software developers identify security flaws before they are exploited. $534,000 of these rewards were paid through the HackerOne platform, where white-hat hackers earn rewards by reporting vulnerabilities to software developers. According to the TheNextWeb report, Tron has paid about $76,000 in rewards for disclosed vulnerabilities.