Apr 21, 2020
SlowMist Releases EOS WPS Smart Contract Security Audit Report
Recently, the SlowMist security team was invited by EOS super node EOS Nation to conduct a comprehensive security audit for the open-source code of the EOS proposal system (WPS) (https://github.com/EOS-Nation/eos-wps). Including but not limited to: overflow audit, race condition audit, permission control audit, design logic audit, security design audit, and reentrancy attack audit. The audit reported four medium-risk vulnerabilities and seven low-risk vulnerabilities, and made three security enhancement suggestions.
After communication between the teams of both parties, the problems have now been fixed. The audit results are all “pass,” and there is no known risk. For the complete audit report, please see below or look up the SlowMist Security Team GitHub:
About EOS WPS
The EOS Worker Proposal System (WPS) is a funding mechanism for the EOS Mainnet, enabling developers and other value creators to seek funding from the EOS blockchain for their projects outside of EOS block rewards. It’s modeled closely after the DASH Budget Proposal System, which has been successfully funding projects benefiting the DASH ecosystem. It also pulls from our experience designing and maintaining the BOS Ecosystem Program. We’ve analyzed real node, developer, and token holder behaviour in both these systems over an extended period of time in order to design an improved version for the EOS Mainnet.
This decentralized voting & distribution mechanism is governed by the rules coded within the WPS smart contracts, which allows any EOS account to propose a budget for their specific project and Block Producers elected by token holders to vote on them. Each proposal that passes is paid directly from the eosio.wps account to the EOS account that proposed the work.
Before the emergence of EOS WPS, there was no incentive mechanism for developers in EOS ecosystem. Compared with other public links, such as ethereum, outstanding developers in EOS community could not receive community rewards for their contributions to community ecology. In addition, the relatively high resource cost and node maintenance cost of EOS caused many excellent project developers to leave.
The launch of EOS WPS can effectively make up for the lack of community incentive mechanism. Excellent EOS developers can apply for development funds through EOS WPS, reduce the financial pressure in the development process, and better promote the development of EOS ecology.
