A newly discovered bug is once again causing problems for EOS users: it allows their valuable network resources to be blocked without any authorization. The EOS development team has already reacted to the problem and is looking for a reliable solution, TheNextWeb reports.
The EOSEssentials team describes the attack as follows:
“A malicious user installs a code on his account that allows him to insert strings into the name of another account from which tokens are sent to him. of garbage into strings when decentralized applications/users send tokens to it.”
As a temporary solution to the problem, users are encouraged to use “shims” when interacting with dubious accounts. Their role in this case is carried by.
“By sending tokens to the “pad” account that does not have available RAM, with a note where you first to translate your tokens to, you do not make your primary account vulnerable,” GitHub.
In the EOS ecosystem, RAM is a limited resource distributed among developers. The more complex a decentralized application, the more RAM it needs for trouble-free operation.
Developer César Rodriguez, who is also working on an effective patch, explained that RAM consumed in this way is, in effect, blocked. Since the exploit does not allow the RAM to be transferred to another account, the blocked resources cannot be exchanged or sold. Nor can they be returned to their rightful owner.
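A toy model of the RAM accounting described above, added here as an illustration and not taken from EOS, EOSEssentials or Rodriguez's patch: a direct transfer leaves the sender's RAM blocked, while routing through a proxy account with no available RAM makes the whole transaction fail instead. The `Chain` class, the account names and the 4096-byte row size are assumptions made for the example.

```python
class OutOfRam(Exception):
    """Raised when a payer has no free RAM left to store new rows."""

class Chain:
    def __init__(self):
        self.quota, self.used, self.tokens, self.handlers = {}, {}, {}, {}

    def add(self, name, ram, tokens=0, handler=None):
        self.quota[name], self.used[name], self.tokens[name] = ram, 0, tokens
        if handler:
            self.handlers[name] = handler  # code run when `name` receives tokens

    def bill(self, payer, nbytes):
        # Rows are charged to the payer; this model gives the payer no way to free them.
        if self.used[payer] + nbytes > self.quota[payer]:
            raise OutOfRam(payer)
        self.used[payer] += nbytes

    def _move(self, sender, to, amount):
        self.tokens[sender] -= amount
        self.tokens[to] += amount
        if to in self.handlers:
            self.handlers[to](self, sender)  # recipient's code runs, sender is the payer

    def transact(self, *moves):
        """Apply all moves atomically; roll everything back if any payer runs out of RAM."""
        snapshot = (dict(self.used), dict(self.tokens))
        try:
            for move in moves:
                self._move(*move)
            return True
        except OutOfRam:
            self.used, self.tokens = snapshot
            return False

def junk_rows(chain, payer):
    chain.bill(payer, 4096)  # constructed row size for the example

def demo():
    results = {}
    routes = {"direct": [("alice", "mallory", 10)],
              "proxy": [("alice", "proxy", 10), ("proxy", "mallory", 10)]}
    for route, moves in routes.items():
        c = Chain()
        c.add("alice", ram=8192, tokens=100)
        c.add("proxy", ram=0)  # the proxy account has no available RAM
        c.add("mallory", ram=0, handler=junk_rows)
        ok = c.transact(*moves)
        results[route] = (ok, c.used["alice"], c.tokens["alice"])
    return results

if __name__ == "__main__":
    print(demo())
```

In the proxy case the tokens never reach the dubious account, so the workaround protects RAM at the cost of a failed payment; a transfer through the same proxy to an account that stores no rows goes through normally.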
“No decentralized application should have the right to assign resources without the mechanism for their return. In the long term, this will lead to the emergence of thousands of accounts that store garbage RAM, that is, have some value. For some shitcoins, the cost of stored RAM can exceed their own cost,” Rodriguez wrote.
In order to suffer from the actions of intruders.
“On any account this code can be installed, so any transaction can block your RAM,” Rodriguez said. “To be clear, you must be transferred to a malicious address. If you are a transfer recipient, you can not become a victim of an attack.”
According to Rodriguez, the bug was discovered after a betting application on the EOS blockchain ceased to function. As it paid out winnings to the malicious user, more and more of its RAM resources were blocked.
The currently introduced interface has a significant drawback: it is difficult for ordinary users to use.