After a Block Producer’s (BP) vote held on June 6th, an official ‘no-go’ was announced for the mainnet launch. The event has been pushed back by at least another 24 hours.
The long-awaited launch of EOS’ mainnet has been further delayed after a BP vote held on June 6th failed to give the green light. A new vote is scheduled to take place 24 hours after security firms perform an audit. At that time, if BPs do not identify any further vulnerabilities the launching process should take place.
The most likely outcome – at least according to David Moss, head of a blockchain consulting company which focuses exclusively on EOS – is that the next vote on Thursday is also likely to be a no-go.
The Current State of the Launch
EOS tokens were frozen on June 1st in anticipation for the launch of the official EOS network. The EOS Mainnet Launch Group (EMLG) has been tasked to guarantee a secure and seamless launch ever since.
However, days before June 1st, news emerged that critical vulnerabilities were found in the project’s network, according to a leading Chinese cybersecurity company. EOS appeared to have been aware of the vulnerabilities at the time and most of the issues had purportedly already been patched, as evidenced by EOS’ formal statement on the matter:
Media has incorrectly reported a potential delay in the release of EOSIO V1 due to software vulnerabilities. Our team has already fixed most and is hard at work with the remaining ones. EOSIO V1 is on schedule; please stay tuned to our EOSIO channels for official information.
— EOS (@EOS_io) May 30, 2018
The team failed to provide further clarification on what they meant by “most” of the bugs, and which ones were yet to be fixed. It is clear, though, that the issues they are currently facing are preventing the mainnet from being released, ultimately substantiating the Chinese team’s statement that the aforementioned vulnerabilities could delay the network’s release.
Reports indicate that the EMLG team has been working tirelessly to resolve the remaining vulnerabilities. Each vulnerability has been labeled according to significance with a designator ranging from P0 to P4. The P0 designator represents bugs which comprise a blocker, prompting an urgent fix, and P4 represents an issue that should merely be noted for a future fix.
In an official statement, the EMLG has opted not to give any further clarity on the remaining bugs which are deterring the network from coming to light, nor are they estimating how much time it will take to fix them.
Partial Clarity on the Matter
Immediately after claiming that most of the reported vulnerabilities have been resolved by the team, EOS initiated a Bug Bounty Campaign. One might question why such a program is needed, especially immediately after most of the issues have been handled, but arguments can be made that the team is being extra vigilant when it comes to flaws in its network.
Things took a slightly unexpected turn, however, as ethical hacker Guido Vranken managed to identify 8 vulnerabilities in just one day – a number which ultimately grew to 12 and earned Vranken a cool $120,000 in bug bounties.
In other words, there are at least 12 vulnerabilities which have been identified since May 30th and, up until this moment, the public has yet to learn how many of them – if any – are P0 (blocking) issues and how many of them present a lesser threat to the network.
The only information that users currently have is that the EMLG refuses to commit to a firm launch date as it “would be irresponsible” and that a new update is set to take place within the next 24 to 48 hours.
In light of recent events, one wonders whether this lack of transparency suits a project which managed to raise the whopping $4 billion over the course of a year-long ICO.