- A vulnerability found in TRON's multisig account system opened the accounts to the risk of theft.
- The 0d research team alerted TRON to the vulnerability through its bug bounty program on February 19.
- No assets are at risk, the 0d research team stated on Twitter.
Research by the 0d team at dWallet labs revealed that a critical zero-day vulnerability in the TRON blockchain left multisig accounts open to the risk of theft.
TRON's Vulnerability
As the name suggests, multisig accounts are accounts whose transactions must carry signatures from multiple signers before they can be carried out. The vulnerability found by the research team was that any single signer associated with a multisig account could have easily accessed the funds in that account.
According to the 0d researchers, an oversight in TRON's approach to multisig accounts meant its verification system did not verify all the necessary information. An attacker could easily bypass this check and gain access to multisig accounts.
One of the team members, Omer Sadika, stated that a multisig account could have been easily accessed by a single signer submitting multiple valid signatures for the same message.
The researchers, however, said that the solution to this problem was quite simple. Going forward, signatures have to be checked against the list of addresses as well, not just against the list of signatures.
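The flaw and the fix described above, as an added example that is not TRON's code. A toy randomized signature built on HMAC stands in for a real randomized scheme such as ECDSA, where one key can also produce many distinct valid signatures for the same message. The signer names, keys, threshold and function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed 2-of-3 account. Toy symmetric keys stand in for signer key pairs.
KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
THRESHOLD = 2


def sign(signer: str, msg: bytes) -> bytes:
    """Toy randomized signature: signer id | 8-byte nonce | MAC(nonce + msg)."""
    nonce = os.urandom(8)
    tag = hmac.new(KEYS[signer], nonce + msg, hashlib.sha256).digest()
    return signer.encode() + b"|" + nonce + tag


def recover_signer(sig: bytes, msg: bytes):
    """Return the authorized signer behind a valid signature, else None."""
    name, _, rest = sig.partition(b"|")
    key = KEYS.get(name.decode(errors="replace"))
    if key is None or len(rest) != 40:
        return None
    expected = hmac.new(key, rest[:8] + msg, hashlib.sha256).digest()
    return name.decode() if hmac.compare_digest(expected, rest[8:]) else None


def approved_by_signature_count(sigs, msg: bytes) -> bool:
    """Flawed: de-duplicates the signature bytes, not the signers behind them."""
    valid = {s for s in sigs if recover_signer(s, msg) is not None}
    return len(valid) >= THRESHOLD


def approved_by_distinct_signers(sigs, msg: bytes) -> bool:
    """Hardened: every authorized signer counts at most once."""
    signers = {recover_signer(s, msg) for s in sigs} - {None}
    return len(signers) >= THRESHOLD


if __name__ == "__main__":
    msg = b"constructed transaction bytes"
    same_signer = [sign("alice", msg), sign("alice", msg)]  # two distinct valid sigs
    two_signers = [sign("alice", msg), sign("bob", msg)]
    for label, sigs in (("one signer twice", same_signer), ("two signers", two_signers)):
        print(label, approved_by_signature_count(sigs, msg),
              approved_by_distinct_signers(sigs, msg))
```

A regression test for any threshold check should include this case: two different signatures from the same key must count as one approval.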
The research team also revealed that they reported the issue through TRON's bug bounty program on February 19. The team further added that after the report TRON patched the loophole in a few days, and said that most of the TRON validators have been patched.
In a separate statement on Twitter, the research team stated that no assets were at risk as the problem was fixed.
What is TRON and How Does it Work?
TRON is a decentralized, blockchain-based platform with its own cryptocurrency called Tronix. The platform was built by a non-profit organization known as the Tron Foundation in Singapore in 2017. The platform's main purpose is to host a digital entertainment system for the cost-effective sharing of digital content.
Initially limited to Asia, TRON has since expanded beyond it. As of 2021, it has 50 million users on its platform.
The company was founded by Justin Sun, CEO of BitTorrent (a famous file-sharing platform). Justin Sun was born in 1990. Currently, TRON has offices in Singapore and San Francisco.
The Tron network has often been compared to Ethereum for its similar use cases, such as building smart contracts, decentralized apps, and tokens.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.