According to recent reports from well-known foreign media such as Blockworks, Cointelegraph, The Block and CryptoSlate, TRON has successfully completed a security assessment of the Java-Tron client. The assessment was carried out by ChainSecurity, a leading global blockchain security company, and focused on testing core components such as the TRON Virtual Machine (TVM), the consensus mechanism and peer-to-peer (P2P) interaction, with the aim of identifying and fixing potential vulnerabilities that could affect TRON's transaction execution, block generation and consensus operations. This means that TRON has been deeply reinforced in terms of security, which not only improves the defense capabilities of the entire blockchain system and prevents potential security threats, but also enhances the trust of the community and users in the network.
Multiple media reports indicated that ChainSecurity found several potential vulnerabilities during the assessment. If these vulnerabilities were exploited by hackers, they could affect network performance or even cause system outages. The TRON development team took quick action to fix the vulnerabilities to ensure network security and reliability.
The following are the main issues and solutions found in this assessment:
PBFT messages cause state bloat
The assessment found that the PBFT (Practical Byzantine Fault Tolerance) message processing function carried a serious risk: it could cause unbounded memory growth and lead to a denial of service (DoS).
Solution: A system update has been made to ensure that relevant messages are only processed when the PBFT feature is enabled to avoid excessive memory usage.
Forked block censorship attack
An attacker could create a forked chain consisting of fake blocks and use it to censor valid forked blocks. Once such activity was detected, the system would abandon the entire fork (including valid blocks).
Solution: The new code will first filter out blocks produced by invalid block producers to ensure data consistency.
Blocks without witness signatures consume resources
The assessment also found that the system still processed blocks that lacked witness signatures, which wasted memory, storage and CPU resources.
Solution: Blocks that fail signature verification will now be abandoned immediately, thus avoiding resource waste and ensuring stable network performance.
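The three fixes share one pattern: reject input before any state is kept for it. The sketch below is an added illustration of that ordering and is not Java-Tron code; the `Node` and `Block` classes, the witness names and keys are constructed for the example, and HMAC-SHA256 stands in for the chain's real block signature scheme.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data: witness names and keys are placeholders.
WITNESS_KEYS = {"witness-a": b"key-a", "witness-b": b"key-b"}


@dataclass(frozen=True)
class Block:
    number: int
    parent: str
    producer: str
    signature: bytes = b""

    def digest(self) -> bytes:
        return f"{self.number}|{self.parent}|{self.producer}".encode()


def sign(block: Block, key: bytes) -> Block:
    sig = hmac.new(key, block.digest(), hashlib.sha256).digest()
    return Block(block.number, block.parent, block.producer, sig)


class Node:
    def __init__(self, pbft_enabled: bool = False):
        self.pbft_enabled = pbft_enabled
        self.fork_store = {}      # (number, parent) -> block kept for fork choice
        self.pbft_messages = []   # PBFT messages retained in memory

    def on_pbft_message(self, msg: bytes) -> bool:
        # Finding 1: retain PBFT messages only when the feature is enabled.
        if not self.pbft_enabled:
            return False
        self.pbft_messages.append(msg)
        return True

    def on_block(self, block: Block) -> str:
        # Finding 2: filter out invalid producers before touching fork state,
        # so a fake block is dropped alone and valid fork blocks are kept.
        key = WITNESS_KEYS.get(block.producer)
        if key is None:
            return "rejected: producer not in witness set"
        # Finding 3: drop unsigned or badly signed blocks before storing them.
        expected = hmac.new(key, block.digest(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, block.signature):
            return "rejected: bad signature"
        self.fork_store[(block.number, block.parent)] = block
        return "accepted"
```

Feeding a fork that mixes validly signed blocks with unsigned or unknown-producer blocks leaves only the valid ones in `fork_store`, and memory use no longer scales with the volume of rejected input.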
Emilie Raffo, Founding Partner and Head of Sales at ChainSecurity, said of the collaboration: “We are very pleased to provide professional value to the TRON ecosystem. We worked closely with the TRON team during this assessment to discover and fix vulnerabilities, thereby improving the security and overall performance of the network. We look forward to achieving more fruitful results in our future cooperation and safeguarding the security of the TRON ecosystem.”
Dave Uhryniak, spokesperson for the TRON community, further stated: “Security is the top priority for all blockchains to achieve development and gain trust. The security assessment conducted by ChainSecurity has helped TRON further improve its risk resistance and ensure that we can continue to provide safe and efficient services to global users. This cooperation is another important milestone for TRON to improve security and reliability.”
The collaboration with ChainSecurity demonstrates TRON’s commitment to proactively identifying and resolving potential vulnerabilities, and fully demonstrates its firm determination to protect the security of user assets and network data.
By successfully identifying and fixing the above vulnerabilities, the security performance of the TRON ecosystem has been greatly improved, ensuring that the network operates stably and in the best condition. ChainSecurity's evaluation once again confirms TRON's unremitting pursuit: always maintaining the highest security standards and creating a safe and reliable network environment for global users.
It is reported that ChainSecurity is one of the earliest and most reputable smart contract auditing companies in the industry. Since its establishment in 2017, the ChainSecurity team has focused on smart contract security auditing business and won the trust of many long-term partners such as MakerDAO, Circle, Curve, Lido, TRON, Compound, Yearn, Tether, Argent and FUEL.
ChainSecurity has disclosed vulnerabilities in the Ethereum protocol and real-time smart contract code, and is also committed to developing various security tools to discover new security vulnerabilities.
Source: China International Capital Corporation
Original link: http://news.cnfol.com/shangyeyaowen/20241009/30965054.shtml