TRON DAO completes security assessment by ChainSecurity, strengthening network integrity

Share this article

Geneva, Switzerland – 30 September 2024 – TRON DAO has successfully completed a security assessment of its Java-Tron client by a blockchain security firm ChainSecurity. The assessment, which focused on key components such as the TRON Virtual Machine (TVM), consensus mechanisms and Peer-to-Peer (P2P) interactions, aimed to proactively identify and fix any vulnerabilities that could affect performance of the TRON blockchain, including transaction execution, block generation and consensus operations.

Key findings and solutions

ChainSecurity discovered several vulnerabilities that, if exploited, could have affected network performance or even caused outages. The TRON development team acted quickly to resolve these issues. Below are some of the most notable findings and solutions that have been implemented to ensure network stability and security:

1. PBFT messages that create status extension

A significant issue was found with Practical Byzantine Fault Tolerance (PBFT) messages that could have caused unlimited memory expansion, which could lead to a Denial-of-Service (DoS) attack.

Solution: The system has been updated to ensure that PBFT messages are only processed when PBFT is enabled, preventing excessive memory consumption.

1. Unallowed censoring of fork blocks

An attacker could have censored legitimate fork blocks by creating a fork chain with fake blocks. On detection, the entire fork, including valid blocks, would have been discarded.

Fix: New code now filters out blocks from invalid producers before processing, ensuring grid consistency.

1. Resource consumption by unsigned blocks

The evaluation showed that blocks without witness signatures were still being processed, consuming valuable resources such as memory, storage, and CPU.

Fix: Blocks that fail signature verification are now removed immediately, preventing unnecessary resource usage and protecting network performance.

TRON DAO’s commitment to security

Commenting on the collaboration, Founding Partner and Head of Sales, Emilie Raffo of ChainSecurity said: “It’s always a pleasure to fit into new ecosystems and be able to provide value. We worked closely with the TRON team to identify and resolve vulnerabilities, strengthening the security and overall performance of the network. We look forward to many more years of fruitful collaboration to secure the TRON ecosystem.”

TRON DAO Community Spokesperson Dave Uhryniak further stated:

“Security is critical to growth and trust within any blockchain ecosystem. ChainSecurity’s TRON security assessment has further strengthened the resilience of our network, ensuring that we continue to provide a secure and efficient platform for our global user base. This marks another milestone in our continued commitment to enhancing the safety and reliability of the TRON network.”

TRON DAO’s collaboration with ChainSecurity highlights its dedication to proactively identify and resolve security challenges. This security assessment reinforces TRON’s commitment to protecting user assets and data on its network.

Improved security for the TRON ecosystem

With these issues identified and resolved, TRON’s security infrastructure has been significantly strengthened, ensuring that the network continues to operate at an optimal level. The ChainSecurity rating reaffirms TRON’s commitment to maintaining the highest security standards, providing a safe and reliable environment for its global user base.

Want to learn more?

For a breakdown of the findings and solutions, see the full security assessment report: ChainSecurity Java-Tron Security Assessment Report.

Description of TRON DAO company

TRON DAO is a community-governed DAO dedicated to accelerating internet decentralization through blockchain technology and dApps.

Founded in September 2017 by SE Justin Sun, the TRON network has continued to deliver impressive achievements since the launch of the MainNet in May 2018. July 2018 also marked the integration of the BitTorrent ecosystem, a pioneer in Web3 decentralized services with over 100 million monthly active users . The TRON network has gained incredible traction in recent years. As of September 2024, it has more than 256 million total user accounts on the blockchain, more than 8 billion total transactions, and more than $20 billion in total value locked (TVL), as reported by TRONSCAN.

Additionally, TRON hosts the largest circulating supply of USD Tether (USDT) stablecoins worldwide, surpassing USDT on Ethereum as of April 2021. The TRON network completed full decentralization in December 2021 and is now a community-governed DAO. Most recently, in October 2022, TRON was designated as the national blockchain for the Commonwealth of Dominica, marking the first time a major public blockchain has partnered with a sovereign nation to develop its national blockchain infrastructure. In addition to the government’s approval to issue Dominica Coin (“DMC”), a blockchain-based fan token to help promote Dominica’s global fanfare, seven existing TRON-based tokens – TRX, BTT, NFT, JST, USDD, USDT , TUSD, have been granted the status of authorized digital currency and medium of exchange in the country.

TRONNetwork | THRONDAO | Twitter | YouTube | Telegram | Discord | Reddit | GitHub | environment | Forum

Media contact
Yeweon Park
(email protected)

About ChainSecurity

ChainSecurity is among the oldest and most trusted smart contract auditing companies. Their team has been conducting smart contract audits since 2017 and is trusted by long-term partners such as MakerDAO, Circle, Curve, Lido, TRON, Compound, Yearn, Tether, Argent, FUEL and others.

In addition to its history of responsible disclosures of vulnerabilities in the Ethereum protocol itself and in live smart contract code, ChainSecurity has a history of developing new security tools and discovering new types of vulnerabilities.

Media contact
ChainSecurity Marketing Team
(email protected)

Share this article