EOS Update Puts an End to Unexpected RAM Consumption by Third Parties

Aug 29, 2018, 7:49PM

Version 1.2.3 of EOSIO has resolved a bug that allowed malicious actors to lock up other users’ available RAM through a smart contract.

EOS, the world’s fifth largest cryptocurrency by trading volume, was hit by yet another RAM-related controversy over the past week. According to a bug report published on GitHub, the exploit allowed malicious users to install code on their accounts, which would, in turn, let them “insert rows in the name of another account sending them tokens.” This would cause token senders to have their RAM locked up with large amounts of garbage data whenever they interacted with such users.

Shortly after the exploit was discovered and publicly disclosed, community developers came up with a temporary solution. The GitHub page explained,

“By sending tokens to a proxy account with no available RAM, and with a memo where the first word of the memo is the account you eventually want to send the tokens to, the only account they can assume database row permissions for is the proxy, which has no RAM.”

However, this method had its own limitations, namely that extra steps were needed and it could not be used to interact with dApps.

A Permanent Fix Came Later

The issue persisted for several days and affected the well-known EOS-based dApp EOSBetCasino, which was forced to go offline to prevent further attacks. The permanent fix finally came on August 28 in the form of the EOSIO 1.2.3 update. The release notes for version 1.2.3 confirmed the issue and addressed it by “Deprecating the ability of a notified contract to bill RAM to authorizers of the original action.” According to the developers, the bug was an unintended side effect of a documented EOS feature.
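The billing rule before and after 1.2.3, together with the proxy workaround, can be pictured with a simplified model. This is an example added here, not EOSIO source code; the function names, the accounts alice, proxy and recipient, the byte counts and the use of eosio.token as the token contract are assumptions made for illustration.

```python
# Added illustration: a simplified model of the RAM-payer rule, not EOSIO source.
# Account names and byte counts are constructed sample values.

class RamBillingError(Exception):
    """Raised when a contract may not bill the requested account for RAM."""

def check_ram_payer(payer, receiver, action_account, authorizers, patched):
    """Return `payer` if the contract running as `receiver` may bill it.
    `action_account` is the contract the original action was addressed to;
    patched=True models the 1.2.3 rule, False the earlier behaviour.
    """
    if payer == receiver:
        return payer  # a contract may always pay for its own rows
    if patched and receiver != action_account:
        # 1.2.3: a merely notified contract cannot bill the authorizers
        raise RamBillingError(f"notified contract {receiver} cannot bill {payer}")
    if payer not in authorizers:
        raise RamBillingError(f"{payer} did not authorize this action")
    return payer

def store_row(ram_free, payer, receiver, action_account, authorizers,
              row_bytes, patched):
    """Bill `row_bytes` to `payer` and return the payer's remaining free RAM."""
    check_ram_payer(payer, receiver, action_account, authorizers, patched)
    if ram_free[payer] < row_bytes:
        raise RamBillingError(f"{payer} has insufficient free RAM")
    ram_free[payer] -= row_bytes
    return ram_free[payer]

def scenarios():
    """A transfer through eosio.token that notifies `recipient`, four ways."""
    def run(payer, authorizers, patched):
        ram_free = {"alice": 5000, "proxy": 0, "recipient": 5000}  # constructed
        try:
            left = store_row(ram_free, payer, "recipient", "eosio.token",
                             authorizers, 4000, patched)
            return f"stored, {payer} has {left} bytes left"
        except RamBillingError as err:
            return f"rejected: {err}"
    return {
        "direct, before 1.2.3": run("alice", {"alice"}, False),
        "via proxy, bill proxy": run("proxy", {"proxy"}, False),
        "via proxy, bill alice": run("alice", {"proxy"}, False),
        "direct, after 1.2.3": run("alice", {"alice"}, True),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

In the proxy cases the forwarded transfer is authorized by the proxy alone, so the sender never appears among the authorizers and the proxy has no RAM to take.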

RAM on the EOS blockchain is a rather vital resource as it is required for the existence of decentralized applications. This has led to numerous problems, including the infamous RAM shortage, which saw a few users hoarding copious amounts of memory to resell at inflated prices. Block producers were also hit with crashes when they needed more than 1GB of RAM to continue operating.
