19 August 2018

DoS Vulnerability Bug On NEO Blockchain Fixed By Eric Zhang

DoS Vulnerability Bug Discovered By Zhiniang Peng Of Qihoo 360 Core Security

On the 15th of August, 2018 Zhiniang Peng of Qihoo 360 Core Security had made a blog post pointing out a Denial-of-Service (DoS) vulnerability on the NEO Smart Economy platform. Once the DoS vulnerability was verified and tested by the Qihoo 360 Core Security team, a detailed report was then sent out via an email to NEO for their urgent response to the issue.

Erik Zhang Resolves DoS Vulnerability Bug Issue

In response to the DoS vulnerability bug discovered by Zhiniang Peng on the NEO Smart Economy platform, NEO announced on the 17th of August, 2018 that NEO founder, Erik Zhang had successfully fixed the Denial-of-Service (DoS) vulnerability bug issue. According to NEO, Erik Zhang tested and ratified the DoS vulnerability bug on the 15th of August, 2018 in 7 minutes and a bug fix report was released by him in just 56 minutes.

By resolving the bug issue quickly, NEO had dispelled any notion by the community that hackers would capitalise on the DoS vulnerability bug in the NEO Smart Economy. The Qihoo 360 Core Security team received a total of 1,000 NEO as reward for their efforts.

DoS Vulnerability Bug Fix Timeline

Below is a timeline for the DoS vulnerability bug fix.

  • On the 15th of August, 2018 at 15:00 pm the DoS vulnerability bug was verified and subsequently tested.
  • By 18:57 pm still on the 15th of August, 2018 a report of the DoS vulnerability bug was sent to NEO via an email.
  • The DoS vulnerability bug was ratified by NEO on the 15th of August by 19:04 pm.
  • A bug fix report was released by Erik Zhang the founder of NEO on the 15th of August, 2018 by 20:00 pm.

In Closing

NEO expressed their appreciation to Qihoo 360 Core Security and all other developers that have contributed in no small measure to the growth and development of the NEO Smart Economy. It is no secret that the security of the ecosystem is paramount to NEO, to this end they have already entered into strategic partnership with two security companies namely CertiK and Red4Sec.

The former will provide NEO with security auditing services for NEO Smart Contracts by utilising official verification while the latter will provide code auditing services for the NEO network.

Furthermore, NEO has instituted an incentivised policy to reward any contributor that discovers vulnerabilities in the NEO Smart Economy; this way the NEO network would be sustained in both the short and long term. You can get more information about the DoS vulnerability bug fix right here.

Leave Comment

Your email address will not be published. Required fields are marked *