If EOS Can Survive the Bugs It Might Challenge Ethereum

The EOS blockchain network went live on June 14, raising hopes that a powerful challenger to the long-established Ethereum platform had arrived. But the EOS network already has plenty of critics who are pointing out critical security flaws.

Block.one, the Cayman Islands-based company that built the EOS software, did not respond to a request for comment from ThirtyK, but it’s no secret that its goal is to expand its platform and take market share from Ethereum.

Both EOS and and Ethereum are environments that allow developers to create decentralized applications, or dapps, using smart contracts.

“If malicious attackers believe they can manipulate the network for their own financial gain, then it will be attacked,” Kwon says.

EOS is expected to be able to process transactions much faster than its established rival, and Block.one certainly has no shortage of capital to deploy after it raised $4 billion in a yearlong initial coin offering for its EOS (EOS) tokens. Still, there are those who believe Ethereum’s entrenched position as the first mover in the space gives it a powerful advantage.

Security Concerns

Even with the enthusiasm surrounding EOS, some technology experts say the platform already has significant security flaws.

After the EOS blockchain experienced a temporary freeze over the weekend, Cornell University computer science professor Emin Gün Sirer tweeted Monday, “I’m calling it: there will be a massive exchange hack within the next year, taking advantage of an EOS vulnerability. The exchange will lose its hot wallet. Hackers will send the proceeds to downstream exchanges, where they will trade into other coins.”

Yo Sub Kwon, the founder and CEO and of Hosho, a blockchain security firm, tells ThirtyK the EOS team’s response to security problems before the blockchain was officially launched is a cause for concern.

“A couple of weeks before their launch, a major security issue was discovered and the response, in addition to fixing it, was to announce a bug bounty program. Significant issues were discovered through this bug bounty campaign,” he says.

But the EOS team didn’t let the bug bounty, which rewards individuals for reporting software bugs, run for long enough, Kwon says. It was stopped once there was no longer a steady flow of incoming problems.

“The fact that the network wasn’t even live for two days before suffering another critical issue further proves how immature the software is and how much more testing should have be done before launch, which felt sloppy and rushed,” he says, referring to the weekend platform freeze.

It is highly likely security issues will linger, Kwon predicts.