HackerOne Reports 43 Vulnerabilities in Digital Asset Platforms
Several bugs and vulnerabilities affecting 43 digital asset projects were reported recently by the HackerOne platform.
HackerOne, the platform for disclosing and publishing various software vulnerabilities, has found that up to 43 digital asset projects have various levels of vulnerability. Crypto-related projects have seen vulnerabilities reported in the past, but HackerOne submissions still remain active.
An overview of the reported flaws and bugs shows that large-scale projects like Coinbase, EOS issuer Block.one, Tezos, Brave, and Monero are still open to vulnerabilities.
The HackerOne bug bounty for Coinbase shows there are 12 critical vulnerabilities “in scope” right now. Block.one has four critical vulnerabilities in scope, uncovering various flaws in the EOS protocol. Digital asset projects, especially complex ones like exchanges, or the new delegated proof-of-stake networks, are often vulnerable due to a fast launch, relying on HackerOne bounties to find flaws. The flaw reports also include Tendermint, a project aiming to help Binance launch its decentralized exchange.
EOS remains the blockchain company with the most money spent on bug reports, as much as $500,000. For other projects and assets, the exact nature of the bugs is undisclosed, but based on payments, they are relatively minor. For crypto asset projects, the ability to create coins without limitations, or to exploit smart contracts, has been one of the biggest sources of concern.
TRON (TRX) has spent $78,800 on bug detection, a relatively minor sum, showing the project has few and minor flaws. Other report pages hide the sums spent in total. But for most digital asset projects and startups, a bug bounty program is the most accessible way to launch with some chance of bug discovery, without taking too much time to ensure bug-free code.
The under-developed nature of crypto startups is one factor that is limiting mainstream adoption. The various vulnerabilities of smart contracts and tokens are a concern when it comes to inviting mainstream attention.
In the case of Monero, the project has limited calls for minor bugs and website flaws, being more interested in the blockchain itself. Monero has only a handful of reports, but one of the bugs was critical, potentially allowing for the creation of an unlimited number of coins.