The disclosure explains that with enough malicious requests, an attacker could have filled up all the available memory and effectively perform a Distributed Denial of Service attack on the TRX network by employing malicious code in a smart contract. The disclosure further explains the impact of such an attack:
“Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and render Tron network unusable or make it unavailable.”
The cybersecurity researcher who discovered and disclosed the vulnerability was given a bounty of $1,500. The issue was first reported on January 14, but has been publicly disclosed only recently, after it was already fixed.
The largest country payer was reportedly Block.one. Major cryptocurrency exchange Coinbase was the second-largest bounty spender at $290,381 while Tron was the third-largest, reportedly paying out $76,200 in 2018.
By the beginning of February 2019, EOS.io, the company responsible for the development of fourth-largest crypto by market cap eos, had already handed over bug bounties for five critical vulnerabilities this year.