Nick Szabo and Cornell Professor Criticize EOS for Centralization and Bugs

The launch of EOS's Mainnet was delayed due to an important bug received by China-based cyber security firm Qihoo 360. Professor Emin Gün Sirer of the prestigious Cornell University criticized EOS developers for seeking support from the consensus protocol experts. Even after the main net launch, Sirer and other cryptocurrency specialists, Smart Contract Leader Nick Szabo condemned EOS for their code and centralization issues. Sirer said EOS problems will get worse In an official report in May, Qihoo 360 shared his conversation with Daniel Larimer, chief technical officer of EOS, exposing vulnerability writing outside the EOS. According to the Qihoo 360 team, vulnerability enables hackers to exploit and compromise EOS SuperNode.

"We successfully exploited and successfully exploited the vulnerability of writing a buffer out-of-bound in eos while parsing the WASM file. To use this vulnerability, after the attacker parsed the nodes on the server, the attacker node server But a malicious smart agreement can be uploaded, malicious payloads can be executed on the server and take control of it. Qihoo team said, node On the server after taking control, the attacker can pack in new block malicious contract and all nodes of the EOS network and can control".

The report of Qihoo 360 stated that the team initially discovered vulnerability on 11th May and exploited it on 28th May. Qihoo 360 unveiled the vulnerability of the EOS team, who "fixed" it and stopped this issue on Github. However, on May 29, Qihoo 360 found that the vulnerability was not fully decided and thus the report was released to the public. The vulnerability in EOS's codebase left the blockchain network for harsh criticism, mainly because EOS was expected to launch its main network on June 2 in the next five days.

A well-known cryptocurrency researcher and professor Sirer of Cornell University said that the EOS situation would be "worse," and emphasized that the bug generated by EOS is not practical in finding conceptual or structural errors with the prize system protocol. "EOS Bug Bounty is designed to capture simple coding errors, not ideological errors with protocols. EOS friends, did you get any help from a specialist on the Consensus Protocol? You do not have to roll your own crypto Why are you rolling your consensus protocol? It's like not inventing your own scalpel, but then with brain surgery Is moving, "Sirer said.

EOS centralization issues
Immediately after its controversial Mainnet launch, EOS developers received criticism from Szebo, who said that the centralized aspect of EOS makes the project weak for attacks and various security holes.

"You can freeze some full strangers in EOS, which users thought was their money.You should trust the 'constitutional' organization of people who you probably never know, under the EOS protocol, SZEBO said, EOS 'Constitution' is socially insecure and security hole.

The statement from Szebo refers to the ability to seize and suspend accounts after the inaction of EOS, which EOS New York, the candidate of EOS block producer, first explained in an interview with Next Web. However, Rick Schleslinger, co-founder of EOS New York, said that users should check EOS on the controversial account suspension process.