TRON DAO completes security assessment conducted by ChainSecurity, strengthening network integrity

ChainSecurity uncovered several vulnerabilities that, if exploited, could have impacted network performance or even caused disruptions

article-image
share

TRON DAO has successfully completed a security assessment of its Java-Tron client, conducted by leading blockchain security firm ChainSecurity. The assessment, which focused on key components such as the TRON Virtual Machine (TVM), consensus mechanisms, and peer-to-peer (P2P) interactions, aimed to proactively identify and resolve any vulnerabilities that could potentially affect the TRON blockchain’s performance, including transaction execution, block generation, and consensus operations.

Key Findings and Solutions

ChainSecurity uncovered several vulnerabilities that, if exploited, could have impacted network performance or even caused disruptions. The TRON development team acted swiftly to address these issues. Below are some of the most notable findings and the solutions that were implemented to ensure network stability and security:

  1. PBFT Messages Creating State Expansion

A significant issue was found with PBFT (Practical Byzantine Fault Tolerance) messages, which could have caused unbounded memory expansion, potentially leading to a Denial-of-Service (DoS) attack.

Solution: The system was updated to ensure PBFT messages are only processed when PBFT is enabled, preventing excessive memory consumption.

  1. Unpermissioned Censoring of Fork Blocks

Newsletter

Subscribe to Blockworks Daily

An attacker could have censored legitimate fork blocks by creating a fork chain with fake blocks. Upon detection, the entire fork, including valid blocks, would have been discarded.

Solution: The new code now filters out blocks from invalid producers before processing, ensuring network consistency.

  1. Resource Consumption by Blocks Not Signed by Witnesses

The assessment revealed that blocks without witness signatures were still being processed, consuming valuable resources such as memory, storage, and CPU.

Solution: Blocks failing the signature check are now discarded immediately, preventing unnecessary resource usage and safeguarding network performance.

TRON DAO’s Commitment to Security

Commenting on the collaboration, a Founding Partner & Head of Sales, Emilie Raffo from ChainSecurity said: “It’s always a pleasure getting on-boarded into new ecosystems and being able to provide value. We worked closely with the TRON team to identify and resolve vulnerabilities, strengthening the network’s overall security and performance. We look forward to many more years of fruitful collaboration to secure the TRON ecosystem.”

Dave Uhryniak, Community Spokesperson for TRON DAO, further stated: “Security is paramount to the growth and trust within any blockchain ecosystem. ChainSecurity’s security assessment of TRON has further strengthened our network’s resilience, ensuring that we continue to provide a secure and efficient platform for our global user base. This marks another milestone in our ongoing commitment to enhance the safety and reliability of the TRON network.”

TRON DAO’s collaboration with ChainSecurity highlights its dedication to proactively identifying and resolving security challenges. This security assessment reinforces TRON’s commitment to protecting user assets and data across its network.

Enhanced Security for TRON’s Ecosystem

With these issues identified and resolved, TRON’s security infrastructure has been significantly strengthened, ensuring that the network continues to operate at an optimal level. ChainSecurity’s assessment reaffirms TRON’s dedication to maintaining the highest standards of security, providing a safe and reliable environment for its global user base.

Want to Learn More?

For a detailed breakdown of the findings and solutions, check out the full security assessment report: ChainSecurity Java-Tron Security Assessment Report.

This content is sponsored by TRON and does not serve as an endorsement by Blockworks. The veracity of this content has not been verified and should not serve as financial advice. We encourage readers to conduct their own research before making financial decisions.  

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

    Upcoming Events

    Permissionless III Hackathon

    Salt Lake City, UT

    MON - TUES, OCT. 7 - 8, 2024

    Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

    learn more

    Permissionless III

    Salt Lake City, UT

    WED - FRI, OCTOBER 9 - 11, 2024

    Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

    learn more

    Digital Asset Summit 2025

    Javits Center North | 445 11th Ave

    Tues - Thurs, March 18 - 20, 2025

    Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

    buy ticketslearn more

    recent research

    small cap eth beta trade.png

    Research

    Metis: A Small Cap ETH Beta Trade

    With a strong correlation to ETH, METIS appears to be a favorable ETH beta play at a time when L2s should see increasing market share relative to Ethereum.

    by Daniel Shapiro

    /

    news

    article-image

    On The Margin Newsletter

    Judge rules Tornado Cash is not protected under the First Amendment

    Plus, the latest PCE data reinforces expectations of continued dovish Fed policy

    by Casey Wagner&Ben Strack /
    article-image

    Markets

    BTC surpasses $66K after release of PCE data

    Latest stats from the US Bureau of Economic Analysis reinforce expectations of a continued dovish policy stance, analysts say

    by Ben Strack /
    article-image

    Policy

    Mango Markets to destroy MNGO tokens following SEC settlement

    The SEC’s announcement comes as Mango Markets also mulls a CFTC settlement

    by Katherine Ross /
    article-image

    Lightspeed Newsletter

    It may be mean reversion time for Ethereum and Solana

    Total economic value can be considered the income a blockchain makes — and Solana is far behind Ethereum on that count

    by Jack Kubinec /
    article-image

    Analysis

    The Kingdom of Bhutan is onchain and mining millions in BTC

    Bhutan, a Buddhist kingdom, has been deep in crypto for years. And it’s apparently paying off.

    by David Canellis /
    article-image

    Empire Newsletter

    Bhutan continues to rake in the bitcoin

    Plus, it’s not easy being a bull in a sideways market

    by Katherine Ross&David Canellis /