Bug on TRON could have allowed a single computer to crash the network

A high severity bug on the TRON network could have allowed an attacker with a single computer to crash the network, as first reported by TNW. The fault stems from a vulnerability related to spamming smart contracts.

On Jan. 13th, software engineer Danish Shrestha reported a bug to TRON that would have allowed an attacker to conduct a distributed-denial-of-service attack on the TRON blockchain.

"Using a single machine an attacker could send DDOS attack to all or 51% of the SR nodes and render Tron network unusable or make it unavailable."

A particular type of smart contract deployment on TRON's wallet required six of these operations.

In combination, these deployments had the potential to bog down the TRON blockchain.

By spamming these smart contract deployments it was possible to overwhelm the TRON network, clogging up available CPU and memory-rendering the blockchain unusable.

The exploit is similar to other types of denial-of-service attacks.

Simple attacks like spamming transactions or smart contract requests make it possible to overwhelm the resources of a network and make it inaccessible.

Networks like Bitcoin and Ethereum add a cost to transactions to prevent this simple kind of attack, while XRP Ledger has a cost attached to creating new addresses for similar reasons.

Since blockchain protocols are oftentimes open-source, companies like TRON can leverage the community to discover vulnerabilities as people probe the code.