EOS new update to prevent RAM exploits
What is the EOS RAM exploit issue?
The issue is, a malicious user can install code on their account which lets them to insert rows in the name of another account sending them tokens. This process allows them to steal RAM by inserting huge amount of garbage into rows when dapps/users send them tokens.
What is the solution?
EOS team reportedly came up with a solution to prevent it. Till the bug is fixed, users can send the tokens to a proxy account that has no available RAM. It has to have a memo where the first word of it, is the account that the user eventually want to send the tokens to. Users who are sending tokens to people they do not know can send it through safetransfer by adding the account name as the memo, BitcoinExchangeGuide reported.
How to use the new EOS update?
“This contract accepts all token types that conform to the basic eosio.token contract. The only method that has to have an identical argument signature is the transfer method,” according to a post on GitHub. Users will need to set permissions onto their proxy contract to allow it to send tokens inline. To do so, users can simply change the memo to include the first word in the memo and add the account name.
This can also be done from a smart contract without using this intermediate proxy. "Inline transfer to proxy, then inline transfer from proxy. Proxy’s active would delegate to contract’s eosio.code The original contract would issue both transfers, but with a different auth."
Image via Shutterstock
Join our Telegram group