SlowMist Releases EOS WPS Smart Contract Security Audit Report

Recently, the SlowMist security team was invited by EOS super node EOS Nation to conduct a comprehensive security audit for the open-source code of the EOS proposal system (WPS) ( Including but not limited to: overflow audit, race condition audit, permission control audit, design logic audit, security design audit, and reentrancy attack audit. The audit reported four medium-risk vulnerabilities and seven low-risk vulnerabilities, and made three security enhancement suggestions.

After communication between the teams of both parties, the problems have now been fixed. The audit results are all “pass,” and there is no known risk. For the complete audit report, please see below or look up the SlowMist Security Team GitHub:


The EOS Worker Proposal System (WPS) is a funding mechanism for the EOS Mainnet, enabling developers and other value creators to seek funding from the EOS blockchain for their projects outside of EOS block rewards. It’s modeled closely after the DASH Budget Proposal System, which has been successfully funding projects benefiting the DASH ecosystem. It also pulls from our experience designing and maintaining the BOS Ecosystem Program. We’ve analyzed real node, developer, and token holder behaviour in both these systems over an extended period of time in order to design an improved version for the EOS Mainnet.

This decentralized voting & distribution mechanism is governed by the rules coded within the WPS smart contracts, which allows any EOS account to propose a budget for their specific project and Block Producers elected by token holders to vote on them. Each proposal that passes is paid directly from the eosio.wps account to the EOS account that proposed the work.

Before the emergence of EOS WPS, there was no incentive mechanism for developers in EOS ecosystem. Compared with other public links, such as ethereum, outstanding developers in EOS community could not receive community rewards for their contributions to community ecology. In addition, the relatively high resource cost and node maintenance cost of EOS caused many excellent project developers to leave.

The launch of EOS WPS can effectively make up for the lack of community incentive mechanism. Excellent EOS developers can apply for development funds through EOS WPS, reduce the financial pressure in the development process, and better promote the development of EOS ecology.

Full report:




SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

DAOs not decentralized but, lower than 1% holding 90% of the voting power- Crypto News

Implementing Storage Rent in RSK — Part 1

AvStar Capital Strategic Partnerships with and Invests in

TVG — The Social Coin!!

TVG: The Social Coin — You Can Contribute in Social Charities While Also Investing In Cryptocurrency For Your Future

upNFT Series 2: Binance Chain

About NFT OR Digital Art is the new reality

Launchpad: Seedling ($SDLN) Token Sale

Update: August 2021

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

More from Medium

Lunaray Token Security Scan Report

Fairyproof’s Analysis of the Attack on Fortress Protocol

MetaSwapGas soft-rugged investors for $602,000 💰

MistTrack Analysis of the $90 Million Stolen from Liquid Exchange