The EOS launch uses the back door to access user wallets and retrieve discarded tokens

An EOS-based decentralized app (dApp) has come under fire after seriously botching a drop of air. After Trybe mistakenly distributed too many tokens to its users, the blockchain-based content ecosystem Trybe had to access user wallets to reverse transactions.

Trybe developers have mistakenly issued more than 100 EOS accounts for up to four times the amount originally set. Game developer Russell “Castle” Meakim shared his disbelief on social media after discovering a large amount of TRYBE tokens in his EOS account that shouldn’t have been there.

“There was a short time when I literally saw 8,740 TRYBE sitting on my account wondering what the hell had happened. I looked at it and I think I could have just sold anything. I just assumed that I should get that many. I think it’s a good thing I didn’t sell, ”Meakim wrote.

Here is a screenshot of the transactions in question in reverse chronological order. Trybe’s developers mistakenly made the first four deposits.

Image courtesy Russell “Castle” Meakim

The small part of the smart contract code above shows the intervention of Trybe developers. Note that the developers removed the mistakenly distributed cryptocurrency – 8,740 TRYBE ($ 60) – without permission. The user was not even notified.

Indeed, it is by design. Developers often market this as a feature of the EOS blockchain to set it apart from direct competitors.

For example, Ethereum offers immutable smart contracts. Ethereum dApp developers have to split their cryptocurrencies hard to correct mistakes in smart contracts.

Hard forking divides a cryptocurrency into two parts and releases the faulty version for a patched one. Trybe developers simply fixed problems on the fly.

This is because EOS-based contracts, unlike Ethereum’s smart contracts, are mutable.

Let me make this very clear: all of the smart contracts hosted on the EOS blockchain can be edited, updated, and changed at any time after they are deployed without notice (although it appears that some Ethereum-based startups like Bancor have chosen to create similar backdoors in theirs own smart contracts.)

It is entirely up to the user to protect themselves from malicious updates to EOS Smart Contracts by checking the code themselves.

The Trybe development team confirmed this in a Reddit post in which founder Tom Norwood admitted having frozen all token activity, accessed user wallets and withdrawn excess funds.

“While we may have been a little carelessly reliant on this to work as it should, the fact that it doesn’t work isn’t exactly our fault,” wrote Norwood. “However, this is very new software, as you probably know, and the fact that it has no other bugs is a miracle in itself.”

“If you prefer to just attack us or attack EOS itself because EOS (unlike most blockchains) has options, if things don’t go exactly according to plan then feel free,” continued Norwood. “We are pleased with our decision to reverse transactions in this case, rather than leaving large amounts of tokens in the wallets of a few people. By the way, what we did is not just a function of the TRYBE token but of any EOS based token, and to be honest, I was VERY HAPPY that it did. “

This is a good time to point out that this happens a lot on the EOS blockchain. Block makers have historically frozen EOS accounts without authorization. In particular, seven EOS wallets were illegally accessed to retrieve funds believed to have been stolen.

Nathan Rempel, Trybe’s lead developer, brought up the idea of ​​Autonomous Communities (DAOs) in a blog post titled “Tough Day at the Office – What Happened to the TRYBE Air Drop?” DAOs carefully delegate decisions to stakeholders. Rempel believes this would help users trust EOS-dApps as we are aware of their absolute capabilities.

“Does this make centralized control possible? Yes. Is Centralized Control Always a Bad Thing? No. Decentralizing control of changeable things will be the key to trusting changeability, ”his official statement said. “If the entire community can participate in the decision-making process to create something wonderful (or to fix something that went wrong), the more likely they are to trust those decisions.”

All of this is certainly well and good, but only if we ignore how terrible DAOs can be.

This inevitably leads to discussions about decentralization. It essentially enforces the immutability of smart contracts. By removing the ability to edit intelligent contract code on the fly, no one should be able to make changes to a cryptocurrency directly.

In fact, stubborn immutability is what causes millions of dollars in Ethereum to be stuck in parity for almost a year after its accounts were frozen.

This means that for Ethereum at least, decentralization of decision making is more valuable than millions of digital dollars stuck in cyberspace. For Trybe, it’s worth about $ 60.

Comments are closed.