$0 USD

MAY 2023

GLOBAL

EOS BLOCKCHAIN

DESCRIPTION OF EVENTS

"EOS is a platform that uses the blockchain technology for the development of decentralized applications (dapps), very similar to Ethereum in function. As a matter of fact, supporters have dubbed it as the “Ethereum killer”. By providing an operating-system-like set of services and features that dapps can make use of, it makes dapp development very easy."

 

"EOSIO is a highly performant open-source blockchain platform, built to support and operate safe, compliant, and predictable digital infrastructures." "EOSIO is a leading open-source software for blockchain innovation and performance. As one of the most performant, customizable, and secure blockchains available, it offers industry-leading speed, scalability, configurability, and the latest security standards." "Block.one is also the originator of EOSIO, the leading open-source blockchain software that provides developers and businesses with the tools to build the infrastructure of tomorrow."

 

"The security vulnerability is related to the state objects tracking the reserved addresses of the trustless bridge and how they were not properly being undone in the case of an EVM execution context being reverted. If exploited, it could potentially allow an attacker to illegitimately drain all of the EOS stored by the EOS EVM Contract across the trustless bridge."

 

"The EOS Network Foundation tweeted that the EOS EVM has released version v0.4.2, which fixes a serious security vulnerability found in the EOS EVM. The EOS EVM contracts, EOS EVM nodes, and EOS EVM RPC components implemented by the EOS mainnet all need to be upgraded."

 

"The EOS EVM Contract, EOS EVM Node, and EOS EVM RPC for the EOS mainnet implementation have already been patched prior to this public release."

 

"The fix to the security vulnerability is technically a breaking change to EOS EVM. However, the vulnerability does not appear to have been exploited on either the EOS EVM testnet or mainnet. Therefore, it becomes possible to treat the fix as a simpler retroactive change of the EVM."

 

"Upgrading EOS EVM Contract from v0.4.1 simply requires a setcode of the v0.4.2 contract. There are no changes to the ABI."

 

Explore This Case Further On Our Wiki

A critical vulnerability was uncovered and resolved in the EOS EVM before it could be exploited. The vulnerability, if exploited, would have allowed draining all contracts storing EOS across the trustless bridge.


© 2019 - 2026 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.