Disclosure: This is a sponsored post. Readers should conduct further research prior to taking any actions. Learn more ›
Geneva, Switzerland – September 30, 2024 – The TRON DAO has conducted a comprehensive security evaluation of its Java-Tron client, executed by the renowned blockchain security specialists ChainSecurity. This assessment zeroed in on critical components like the TRON Virtual Machine (TVM), consensus mechanisms, and Peer-to-Peer (P2P) interactions, with the goal of identifying and addressing vulnerabilities that might compromise TRON blockchain efficiency, including aspects like transaction execution, block generation, and consensus operations.
Insightful Findings and Their Remedies
The assessment by ChainSecurity identified several vulnerabilities capable of hindering network performance and potentially causing disruptions. The TRON development team promptly addressed these challenges. Here are the most significant findings along with their corresponding solutions:
-
Uncontrolled PBFT Messages Leading to State Expansion
A critical vulnerability pertaining to PBFT (Practical Byzantine Fault Tolerance) messages was identified, which could have led to excessive memory consumption, risking a Denial-of-Service (DoS) attack.
Solution: Updates were made to allow PBFT messages to be processed only when PBFT is enabled, thereby controlling memory usage. -
Censorship of Fork Blocks
Potential attackers could censor legit fork blocks by spawning a fork chain containing fraudulent blocks, risking the rejection of the entire fork, including valid blocks.
Solution: The revised code now removes blocks from untrustworthy producers prior to processing, ensuring network integrity. -
Resource Drain from Unsigned Blocks
This assessment revealed that blocks lacking witness signatures were still being processed, wasting crucial resources.
Solution: Blocks that do not pass the signature verification are now eliminated immediately, conserving precious resources and bolstering network efficacy.
TRON DAO’s Determination for Security
Emilie Raffo, a Founding Partner & Head of Sales at ChainSecurity, commented on this collaboration:
“Collaborating with new ecosystems is always rewarding. We worked hand-in-hand with the TRON team to effectively identify and mitigate vulnerabilities, thereby enhancing the network’s security and performance. We are eager to continue our partnership in safeguarding the TRON ecosystem.”
Dave Uhryniak, TRON DAO’s Community Spokesperson, elaborated further:
“Security is crucial for fostering growth and trust in any blockchain ecosystem. ChainSecurity’s evaluation has significantly fortified our network’s resilience, ensuring a secure and efficient environment for our users. This is another step in our ongoing mission to enhance the safety and reliability of the TRON network.”
The partnership between TRON DAO and ChainSecurity illustrates a proactive approach in tackling security challenges, reinforcing TRON’s commitment to user safety and data integrity across its platform.
Strengthened Security for TRON’s Infrastructure
With vulnerabilities identified and rectified, the TRON security architecture has seen remarkable enhancements, ensuring the network’s continued optimal operation. ChainSecurity’s audit emphasized TRON’s resolve in achieving high security standards for its global clientele.
Interested in More Information?
For a comprehensive overview of the findings and resolutions, please refer to the complete security assessment report: ChainSecurity Java-Tron Security Audit Report.
About TRON DAO
TRON DAO is a community-led organization aiming to fast-track the decentralization of the internet through blockchain technology and decentralized applications (dApps).
Established in September 2017 by H.E. Justin Sun, the TRON network has made remarkable strides since launching its MainNet in May 2018. In July 2018, it integrated with BitTorrent, a leader in decentralized Web3 services with over 100 million monthly active users. By September 2024, the TRON network boasted over 256 million user accounts, over 8 billion transactions, and a total value locked (TVL) exceeding $20 billion as reported on TRONSCAN.
Furthermore, TRON hosts the largest circulating supply of USD Tether (USDT) globally, having eclipsed the USDT supply on Ethereum since April 2021. The network achieved full decentralization in December 2021 and transitioned into a community-governed DAO. Most recently, TRON was recognized as the national blockchain for the Commonwealth of Dominica, marking the first public blockchain collaboration with a sovereign nation for developing its blockchain infrastructure.
TRON Network
| TRON DAO
| Twitter
| YouTube
| Telegram
| Discord
| Reddit
| GitHub
| Medium
| Forum
Media Contact
Yeweon Park
[email protected]
About ChainSecurity
ChainSecurity ranks among the most established and reliable smart contract audit firms. Their team has been conducting thorough audits since 2017, earning the trust of long-standing partners like MakerDAO, Circle, Curve, Lido, TRON, Compound, Yearn, Tether, and Argent, among others.
Apart from their history of responsible vulnerability disclosures in the Ethereum protocol and active smart contract codes, ChainSecurity is recognized for developing innovative security tools and unveiling new types of vulnerabilities.
Media Contact
ChainSecurity Marketing Team
[email protected]
Mentioned in this article