Geneva, Switzerland – September 30, 2024 – TRON DAO has successfully completed a security assessment of its client Java-Tron, conducted by the leading blockchain security company ChainSecurity. The assessment, which focused on key components such as the TRON Virtual Machine (TVM), consensus mechanisms, and peer-to-peer (P2P) interactions, aimed to proactively identify and resolve any vulnerabilities that could potentially impact the performance of the TRON blockchain, including transaction execution, block generation and consensus operations.
Key findings and solutions
ChainSecurity discovered several vulnerabilities that, if exploited, could have affected network performance or even caused outages. The TRON development team acted quickly to address these issues. Below are some of the most notable findings and the solutions that were implemented to ensure network stability and security:
- PBFT messages that create state expansion
A major issue was found with PBFT (Practical Byzantine Fault Tolerance) messages: they could have caused unlimited memory expansion, which could lead to a denial of service (DoS) attack.
Fix: The system has been updated to ensure that PBFT messages are only processed when PBFT is enabled, preventing excessive memory consumption.
- Unauthorized censorship of fork blocks
An attacker could have censored legitimate fork blocks by creating a fork chain with fake blocks. Upon detection, the entire fork would have been discarded, including valid blocks.
Fix: New code now filters out invalid producer blocks before processing them, ensuring network consistency.
- Resource consumption for blocks not signed by witnesses
The evaluation revealed that blocks without witness signatures were still being processed, consuming valuable resources such as memory, storage, and CPU.
Fix: Blocks that fail signature verification are now immediately discarded, preventing unnecessary resource usage and safeguarding network performance.
TRON DAO's commitment to security
Commenting on the collaboration, Emilie Raffo, founding partner and head of sales at ChainSecurity, said: “It is always a pleasure to join new ecosystems and be able to add value. We work closely with the TRON team to identify and resolve vulnerabilities, strengthening the security and overall performance of the network. We look forward to many more years of fruitful collaboration to secure the TRON ecosystem.”
Dave Uhryniak, TRON DAO community spokesperson, further stated:
“Security is paramount to growth and trust within any blockchain ecosystem. ChainSecurity's TRON security assessment has further strengthened the resilience of our network, ensuring that we continue to provide a secure and efficient platform for our global user base. This marks another milestone in our ongoing commitment to improving the security and reliability of the TRON network.”
TRON DAO's collaboration with ChainSecurity highlights its dedication to proactively identifying and resolving security challenges. This security assessment reinforces TRON's commitment to protecting user assets and data across its network.
Improved security for the TRON ecosystem
With these issues identified and resolved, TRON's security infrastructure has been significantly strengthened, ensuring the network continues to operate at an optimal level. ChainSecurity's assessment reaffirms TRON's dedication to maintaining the highest security standards, providing a secure and trusted environment for its global user base.
Do you want to know more?
For a detailed breakdown of the findings and solutions, see the full security assessment report: ChainSecurity Java-Tron Security Assessment Report.
About TRON DAO
TRON DAO is a community-governed DAO dedicated to accelerating the decentralization of the Internet through blockchain technology and dApps.
Founded in September 2017 by H.E. Justin Sun, the TRON network has continued to make impressive achievements since the launch of MainNet in May 2018. July 2018 also marked the integration of the BitTorrent ecosystem, a pioneer in decentralized Web3 services that boasts more than 100 million monthly active users. The TRON network has gained incredible traction in recent years. As of September 2024, it has over 256 million total user accounts on the blockchain, over 8 billion total transactions, and over $20 billion in total value locked (TVL), as reported in TRONSCAN.
Additionally, TRON hosts the largest circulating supply of USD Tether (USDT) stablecoin worldwide, surpassing USDT on Ethereum as of April 2021. The TRON network completed its full decentralization in December 2021 and is now a DAO governed by the community. Most recently, in October 2022, TRON was designated as the national blockchain of the Commonwealth of Dominica, marking the first time that a major public blockchain has partnered with a sovereign nation to develop its national blockchain infrastructure. In addition to government support to issue Dominica Coin (“DMC”), a blockchain-based fan token to help promote Dominica's global fanfare, seven existing TRON-based tokens (TRX, BTT, NFT, JST, USDD, USDT, TUSD) have been granted legal status as an authorized digital currency and medium of exchange in the country.
Media contact
Yeweon Park
About ChainSecurity
ChainSecurity is among the oldest and most trusted smart contract auditing companies. Their team has been conducting smart contract audits since 2017 and is trusted by long-term partners such as MakerDAO, Circle, Curve, Lido, TRON, Compound, Yearn, Tether, Argent, FUEL and others.
In addition to its history of responsible disclosure of vulnerabilities in the Ethereum protocol itself and in live smart contract code, ChainSecurity has a history of developing new security tools and discovering new types of vulnerabilities.
Media contact
ChainSecurity Marketing Team