Announcement on immediate fix of the “DoS vulnerability” identified on NEO blockchain

8/17/2018 发布

Posted on 8/17/2018

A DoS (Denial-of-Service) vulnerability, as pointed out in a blog posted by Zhiniang Peng from Qihoo 360 core security, was identified on NEO Smart Economy platform on Aug 15.The team e-mailed a detailed report to NEO as soon the vulnerability was identified and tested. It only took Erik Zhang, NEO founder, 7 minutes to test and confirm the vulnerability and 56 minutes to release a bug fix, eliminating the possibility of the bug being exploited by attackers. The bug has been corrected and 1000 NEO has been rewarded to the team.

Below is a timeline of the bug fix:

Aug 15, 2018 15:00 Bug identified and tested
Aug 15, 2018 18:57 Bug report emailed to NEO
Aug 15, 2018 19:04 NEO officially confirmed the bug
Aug 15, 2018 20:00 NEO founder, Erik Zhang, released a bug fix

Without valuable contributions from excellent developers, NEO wouldn’t have maintained a sustainable and steady development. A special thanks to Qihoo 360 Core Security for your quick spotting and notification of the vulnerability, allowing us to address it immediately with a hotfix release.

Since its inception in October 2016, security has been a major focus of NEO, especially our technical team. We have partnered with Red4Sec, a code auditor, and CertiK, a formal verification service platform, both of whom will provide security auditing service for NEO. The former will focus on the code of the NEO platform while the latter on NEO smart contracts using formal verification. Additionally, NEO also has a reward policy for contributors who have identified vulnerabilities. These security enhancement strategies will help maintain the stability of the NEO network in the long run.

You can find more details here.