EOS bugbuster ‘earns $120k in seven days’
Dutch ethical hacker and researcher Guido Vranken has earned a $120,000 reward over the past week for detecting a series of bugs in the blockchain solution EOS.
After a thorough analysis of the technology, Vranken, who has previously undertaken similar work for Ethereum, Ripple and Stellar, found several vulnerabilities in the EOS network.
Vranken responded to the bug bounty program that the EOS network’s developer, Block.One, launched in late May on the bounty platform HackerOne, ahead of the mainnet launch on June 2. The program offered a $10,000 reward for every bug exposed.
HackerOne indicated that Vranken earned a total of $90,000 for detecting nine bugs, although he has announced via Twitter that his final remuneration will be $120,000 and that EOS also offered him a position with the company based on his detective work.
“The EOS people are very appreciative of my efforts,” added Vranken. “Reported bugs were quickly analysed and fixed in their public repository. At first the process was very ad-hoc because Daniel Larimer [CTO of EOS] and I were sending files back and forth on Telegram, but they’ve since started to run a bug bounty program on HackerOne which I think is in the best interest of both bug finders and the EOS team.”
According to reports, since 2014 Vranken has successfully uncovered a total of 92 software bugs in companies that include Twitter, Tor, OpenSSL, Dropbox, Python, Yahoo!, Slack, Trello and HackerOne. He periodically presents the details on his official website.
Fixing the bugs
On May 28, Larimer tweeted: “Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behaviour in smart contracts.”
Chinese internet security company Qihoo 360 responded that it had found a series of high-risk vulnerabilities in EOS.
Qihoo 360 added that Block.One had promised to hold off the EOS mainnet launch until the vulnerabilities were eliminated, but the company still went ahead with the launch, stating that all bugs would be eliminated by the scheduled June 2 date.