{"id":113838,"date":"2019-09-17T10:39:36","date_gmt":"2019-09-17T10:39:36","guid":{"rendered":"https:\/\/cryptoslate.com\/?p=113838"},"modified":"2019-11-07T02:27:17","modified_gmt":"2019-11-07T02:27:17","slug":"exploit-eos-io-unusable-two-hours","status":"publish","type":"post","link":"https:\/\/cryptoslate.com\/exploit-eos-io-unusable-two-hours\/","title":{"rendered":"Understanding the exploit that made EOS.IO \u201cunusable\u201d for two hours"},"content":{"rendered":"

On Sept. 13, an attacker flooded<\/a> the EOSIO network to drain $110,000 in EOS<\/a> from a gambling dApp. During the process, many user-facing applications were unusable due to congestion. Here's how the hacker did it, in detail.<\/p>\n

Basics of the network congestion exploit<\/h2>\n

Four days ago, an attacker pushed the EOS network into \u201chigh congestion mode\u201d as part of a smart contract exploit. The maneuver temporarily made some free network resources unavailable, making many applications on the network \u201cunusable\u201d to smaller token holders for over two hours.<\/p>\n

Although the network was still accessible (for example, a block explorer would still work), many were “prevented from publishing updates” or “doing anything actively on the chain” unless they paid for prohibitively costly network resources.<\/p>\n

At the peak of network congestion, it required nearly 12 EOS to make a single feeless transaction on the network, said one community member. For context, Most blockchains attach a fee directly to transactions. EOSIO allows users to stake their tokens in exchange for network resources.<\/p>\n

The attacker was able to rent a huge amount of network resources on a recently opened resource exchange. These resources were leveraged to select which valid transactions would get included on the blockchain to manipulate gambling dApp outcomes.<\/p>\n

During this time, the maintainers of the gambling dApp did not have enough EOS on hand to take their contract offline (or take any preventative actions at all). This allowed the attacker to drain the smart contract for 30,000 EOS, at the cost of 300 EOS in rented network resources, at their leisure.<\/p>\n

Identifying the attacker<\/h2>\n

Beginning Aug. 17, the user “mumachayinmm<\/a>” started conducting tests against a variety of gambling dApps. After just under a month of testing, mumachayinmm rented the equivalent of 1.45 million EOS in network resources.<\/p>\n

Previously, this would have required some $5.8 million in tokens. But REX, a new service launched<\/a> in May, allows users to stake their EOS for security and voting purposes while selling the network resources their stake entitles them to. After REX, 1.45 million EOS in network resources cost just $1,200.<\/p>\n

\"Resources
Source: Bloks.io<\/a><\/figcaption><\/figure>\n

On Sept. 13, mumachayinmm started flooding EOSIO with hundreds of thousands of transactions.<\/p>\n

\"Spam
Sample of some of the attacker\u2019s spam transactions. Source: Bloks.io<\/a><\/figcaption><\/figure>\n

Technical details behind the gambling dApp exploit<\/h2>\n

EOSPlay<\/a> is a decentralized gambling dApp that offers games such as poker and dice. What made the service exploitable was how it generated random numbers for these games.<\/p>\n

Instead of using a secure source of randomness, EOSPlay used the EOSIO blockchain as its source of entropy. Unfortunately, information on a blockchain can be manipulated.<\/p>\n

As an example, on Bitcoin miners who find a block get to select which transactions are included at their discretion, so long as they\u2019re legal transactions. Theoretically, if a dApp used transactions on Bitcoin to make calculations then large miners could game it.<\/p>\n

On EOSIO, a similar way to manipulate the blockchain is to amass enough network resources to include whichever transactions are desired over all other users.<\/p>\n

Specifically, what the attacker did was put deferred transactions into each block, said<\/a> Dexaran, a respected smart contract developer. These blocks were the ones EOSPlay used to calculate random numbers.<\/p>\n

By monopolizing network resources, the attacker could then calculate the random number before the contract could. If the number was a losing number, then the deferred transactions started an \u201cinfinite loop,\u201d pushing random number generation to the next block, said Dexaran.<\/p>\n

The maneuver allowed mumachayinmm to win on EOSPlay over and over again.<\/p>\n

\"Illicit
Tens of thousands of EOS in illicit winnings. Source: Bloks.io<\/a><\/figcaption><\/figure>\n

EOSPlay helpless during the attack<\/h2>\n

To make matters worse, the maintainers behind the gambling dApp did not stake enough EOS to cover their contract operation costs when EOSIO\u2019s conservative mode was triggered. This was an oversight on the part of the maintainers.<\/p>\n

With network resources monopolized the maintainers needed to have enough liquid EOS on hand to ensure a transaction to halt the contract would go through. It appears they didn\u2019t have the tokens on hands, allowing the attacker to bide their time as the contract was drained.<\/p>\n

These spam attacks aren\u2019t unique to EOS. Networks such as Bitcoin<\/a> and Ethereum<\/a> are also vulnerable to spam attacks should a wealthy token holder wish to pay for them (though they are prohibitively expensive in most cases).<\/p>\n

Block.one executives respond<\/h2>\n

Block.one<\/a> CTO and creator of EOSIO Daniel Larimer<\/a> took to Twitter to dispel the \u201cFUD\u201d around the network congestion attacks. He asserted the network was \u201cworking as intended\u201d:<\/p>\n

\n

#EOS<\/a> is operating correctly. This is no different than when attackers flood eth or bitcoin with high fee transaction spam. The network didn\u2019t freeze for token holders, there was just no extra bandwidth available for free usehttps:\/\/t.co\/nZQmCTlXFa<\/a><\/p>\n

— Daniel Larimer (@bytemaster7) September 14, 2019<\/a><\/p><\/blockquote>\n