The report explains that with enough malicious requests, an attacker could have crammed up all the free memory and effectively perform a DDos attack on the Tron [TRX] network by using malicious code in a smart contract. The announcement further explains the impact of such an attack:
“Using one machine, an attacker could send DDOS attack to all or around 51% of the SR node and render Tron [TRX] network unusable or make it unavailable.”
The cybersecurity analyst who discovered and disclosed the vulnerability was given a bounty reward of $1,500 USD. This issue was 1st reported, earlier in the mid of January, but had been publicly disclosed solely recently, once it was already fixed.
The largest country payer was reportedly Block.one. Leading cryptocurrency exchange namely ‘Coinbase’ was the 2nd-largest bounty spender at $290,381 USD whereas Tron [TRX] was the 3rd-largest, reportedly spending out $76,200 USD earlier in last year ‘2018’.
Earlier in Feb. 2019, EOS.io, the company accountable for the development of fourth-largest cryptocurrency by market capitalization Eos [EOS], had already ‘handled‘ over bug bounties for 5 critical vulnerabilities this year.