EOS new update to prevent RAM exploits 21747
News
Pinaz Kazi
Aug 27, 2018 at 2:10 PM

EOS has been facing the RAM exploit issue for quite some time now. According to a Reddit thread, the EOS team came up with a solution to prevent it, until a proper fix is implemented.

What is the EOS RAM exploit issue?

The issue is, a malicious user can install code on their account which lets them to insert rows in the name of another account sending them tokens. This process allows them to steal RAM by inserting huge amount of garbage into rows when dapps/users send them tokens.

See also: How to lower the cost of EOS RAM? Dan Larimer shares a three-step plan

What is the solution?

EOS team reportedly came up with a solution to prevent it. Till the bug is fixed, users can send the tokens to a proxy account that has no available RAM. It has to have a memo where the first word of it, is the account that the user eventually want to send the tokens to. Users who are sending tokens to people they do not know can send it through safetransfer by adding the account name as the memo, BitcoinExchangeGuide reported.

How to use the new EOS update?

“This contract accepts all token types that conform to the basic eosio.token contract. The only method that has to have an identical argument signature is the transfer method,” according to a post on GitHub. Users will need to set permissions onto their proxy contract to allow it to send tokens inline. To do so, users can simply change the memo to include the first word in the memo and add the account name.

See also: EOS launches EOS Alliance, a non-profit governance group to push transparency

This can also be done from a smart contract without using this intermediate proxy. "Inline transfer to proxy, then inline transfer from proxy. Proxy’s active would delegate to contract’s eosio.code The original contract would issue both transfers, but with a different auth."

Image via Shutterstock

Join our Telegram group