Researcher Finds Critical TRON Bug That Could've Crashed Its Blockchain

A researcher has recently found a critical bug that could’ve crashed TRON’s $1.6 billion blockchain with just one computer, if bad actors consumed its CPU power with Distributed Denial of Service (DDoS) attacks.

According to a HackerOne disclosure report, a potential DDoS attack on the TRON blockchain could’ve consumed all of its resources. Potential attacks could, for example, see bad actors call for smart contracts to be deployed, loaded with malicious code.

The report reads:

Using a single machine, an attacker could send DDOS attack to all or 51 percent of the [Super Representative] nodes and render TRON network unusable, or make it unavailable.

As first reported by The Next Web, a flaw in TRON’s wallet allowed all of the network’s memory to be consumed by one single computer. The bug was first discovered on January 14, and the researcher who found it was rewarded with $1,500 on February 1.

A second bounty worth $3,100 was paid out, although the TRON Foundation hasn’t disclosed any further details on the flaw, according to TNW. HackerOne bounties have, over time, become an industry norm, with the TRON Foundation itself already having paid out $78,800 in bounties to researchers for 15 separate reports.

The highest single bounty TRON paid out was of $10,000. As CryptoGlobe covered, however, Coinbase has paid a hacker $30,000 for a critical vulnerability earlier this year, although details on the vulnerability weren’t disclosed.

Cryptocurrency-related bug bounties are a lucrative business. Data has shown that blockchain companies have received “at least” 3,000 vulnerability reports last year, and paid out nearly $900,000 to security researchers for these.

As of March of this year, 43 different vulnerability reports had been filed to blockchain-related firms. Some of these found vulnerabilities were in some of the largest cryptocurrency networks in the world, including Brave, EOS, and Monero.