TRON DAO completes security assessment conducted by ChainSecurity, strengthening network integrity

ChainSecurity uncovered several vulnerabilities that, if exploited, could have impacted network performance or even caused disruptions

article-image
share

TRON DAO has successfully completed a security assessment of its Java-Tron client, conducted by leading blockchain security firm ChainSecurity. The assessment, which focused on key components such as the TRON Virtual Machine (TVM), consensus mechanisms, and peer-to-peer (P2P) interactions, aimed to proactively identify and resolve any vulnerabilities that could potentially affect the TRON blockchain’s performance, including transaction execution, block generation, and consensus operations.

Key Findings and Solutions

ChainSecurity uncovered several vulnerabilities that, if exploited, could have impacted network performance or even caused disruptions. The TRON development team acted swiftly to address these issues. Below are some of the most notable findings and the solutions that were implemented to ensure network stability and security:

  1. PBFT Messages Creating State Expansion

A significant issue was found with PBFT (Practical Byzantine Fault Tolerance) messages, which could have caused unbounded memory expansion, potentially leading to a Denial-of-Service (DoS) attack.

Solution: The system was updated to ensure PBFT messages are only processed when PBFT is enabled, preventing excessive memory consumption.

  1. Unpermissioned Censoring of Fork Blocks

Newsletter

Subscribe to The Breakdown

An attacker could have censored legitimate fork blocks by creating a fork chain with fake blocks. Upon detection, the entire fork, including valid blocks, would have been discarded.

Solution: The new code now filters out blocks from invalid producers before processing, ensuring network consistency.

  1. Resource Consumption by Blocks Not Signed by Witnesses

The assessment revealed that blocks without witness signatures were still being processed, consuming valuable resources such as memory, storage, and CPU.

Solution: Blocks failing the signature check are now discarded immediately, preventing unnecessary resource usage and safeguarding network performance.

TRON DAO’s Commitment to Security

Commenting on the collaboration, a Founding Partner & Head of Sales, Emilie Raffo from ChainSecurity said: “It’s always a pleasure getting on-boarded into new ecosystems and being able to provide value. We worked closely with the TRON team to identify and resolve vulnerabilities, strengthening the network’s overall security and performance. We look forward to many more years of fruitful collaboration to secure the TRON ecosystem.”

Dave Uhryniak, Community Spokesperson for TRON DAO, further stated: “Security is paramount to the growth and trust within any blockchain ecosystem. ChainSecurity’s security assessment of TRON has further strengthened our network’s resilience, ensuring that we continue to provide a secure and efficient platform for our global user base. This marks another milestone in our ongoing commitment to enhance the safety and reliability of the TRON network.”

TRON DAO’s collaboration with ChainSecurity highlights its dedication to proactively identifying and resolving security challenges. This security assessment reinforces TRON’s commitment to protecting user assets and data across its network.

Enhanced Security for TRON’s Ecosystem

With these issues identified and resolved, TRON’s security infrastructure has been significantly strengthened, ensuring that the network continues to operate at an optimal level. ChainSecurity’s assessment reaffirms TRON’s dedication to maintaining the highest standards of security, providing a safe and reliable environment for its global user base.

Want to Learn More?

For a detailed breakdown of the findings and solutions, check out the full security assessment report: ChainSecurity Java-Tron Security Assessment Report.

This content is sponsored by TRON and does not serve as an endorsement by Blockworks. The veracity of this content has not been verified and should not serve as financial advice. We encourage readers to conduct their own research before making financial decisions.  

Get the news in your inbox. Explore Blockworks newsletters:

Tags

    Newsletter

    The Breakdown

    Decoding crypto and the markets. Daily, with Byron Gilliam.

    Upcoming Events

    Digital Asset Summit 2025

    Old Billingsgate

    Mon - Wed, October 13 - 15, 2025

    Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

    buy ticketslearn more

    Permissionless IV

    Industry City | Brooklyn, NY

    TUES - THURS, JUNE 24 - 26, 2025

    Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

    buy ticketslearn more

    Permissionless IV Hackathon

    Brooklyn, NY

    SUN - MON, JUN. 22 - 23, 2025

    Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

    learn more

    recent research

    Research Report Templates.png

    Research

    Maple Finance: Institutional Lending

    Maple Finance has successfully navigated significant market challenges through its strategic pivot to secured lending (Maple v2) and the launch of its Syrup product. Syrup has become a primary growth driver, delivering sustainable, outperforming stablecoin yields and rapidly increasing TVL. The upcoming custody-first Bitcoin staking product (istBTC) presents another significant avenue for expansion. Crucially, Maple has achieved operational profitability, a key inflection point that, combined with a fully vested token and active buyback mechanism, strengthens its investment case. While valuation metrics suggest potential undervaluation relative to peers and growth, the primary forward-looking risk identified is the long-term sustainability of its current high-take-rate collateral staking revenue model.

    by Shaunda Devens

    /

    news

    article-image

    Forward Guidance NewsletterMarkets

    Inflation in April rose less than expected, but tariff impact remains to be seen

    Higher inflation historically lags behind tariff implementation, so don’t celebrate just yet

    by Casey Wagner /
    article-image

    Forward Guidance NewsletterPolicy

    Crypto players eye more tokenization tests after latest SEC talk

    VanEck launches its first tokenized fund after financial giants convene at SEC roundtable

    by Ben Strack /
    article-image

    The DropWeb3

    Sugartown proves it’s still for degens with its latest mint

    The “GameFi” platform that began its development while part of Zynga is launching another NFT collection

    by Kate Irwin /
    article-image

    0xResearch Newsletter

    Crypto liquid funds are turning to fundamentals to navigate a sea of altcoins

    Funds disagree about which metrics matter, but agree fundamentals are key

    by Donovan Choy /
    article-image

    PeopleSupply Shock

    ‘It’s out of reach of the autocrat’: How Cypherpunk Phil Zimmermann feels about Bitcoin

    PGP creator Phil Zimmermann’s connection with Bitcoin is complicated

    by David Canellis /
    article-image

    Business

    Morph, Bitget’s L2, is stymied by founder disputes, lavish spending and power struggles: Sources

    Blockworks spoke with a dozen current and former employees about the problems that have plagued Bitget’s blockchain, Morph

    by Katherine Ross&Jack Kubinec /