Callisto Network
WebsiteSecurity DepartmentTwitter
  • Whitepaper
    • ๐Ÿ‡ฎ๐Ÿ‡นWhitepaper (ITA)
    • ๐Ÿ‡ฎ๐Ÿ‡ณWhitepaper (TELUGU)
    • ๐Ÿ‡ฎ๐Ÿ‡ณWhitepaper (HINDI)
    • ๐Ÿ‡จ๐Ÿ‡ณWhitepaper (CN Traditional)
    • ๐Ÿ‡ญ๐Ÿ‡ฐWhitepaper (CN Simplified)
    • ๐Ÿ‡ซ๐Ÿ‡ทWhitepaper (FR)
    • ๐Ÿ‡ต๐Ÿ‡ญWhitepaper (PH)
  • ๐Ÿ“ŒStrategic Plan
  • Callisto Network Vision
  • ๐Ÿš€Callisto Network Progress Tracker
  • ๐Ÿ—“๏ธEcosystem Reports
    • Callisto Monthly - February 2023
    • Callisto Monthly - January 2023
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - January 2023 (ITA)
      • ๐Ÿ‡ซ๐Ÿ‡ทCallisto Monthly - January 2023 (FR)
      • ๐Ÿ‡ฎ๐Ÿ‡ณCallisto Monthly - January 2023 (TELUGU)
    • Callisto Monthly - December 2022
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - December 2022 (ITA)
      • ๐Ÿ‡ซ๐Ÿ‡ทCallisto Monthly - December 2022 (FR)
      • ๐Ÿ‡ต๐Ÿ‡ญCallisto Monthly - December 2022 (PHI)
    • Callisto Monthly - November 2022
      • ๐Ÿ‡ซ๐Ÿ‡ทCallisto Monthly - November 2022 (FR)
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - November 2022 (ITA)
      • ๐Ÿ‡ฎ๐Ÿ‡ณCallisto Monthly - November 2022 (TELEGU)
    • Callisto Monthly - October 2022
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - October 2022 (ITA)
      • ๐Ÿ‡ซ๐Ÿ‡ทCallisto Monthly - October 2022 (FR)
      • ๐Ÿ‡ต๐Ÿ‡ญCallisto Monthly - October 2022 (PHI)
      • ๐Ÿ‡จ๐Ÿ‡ณCallisto Monthly - October 2022 (CN Simplified)
      • ๐Ÿ‡ญ๐Ÿ‡ฐCallisto Monthly - October 2022 (CN Traditional)
      • ๐Ÿ‡ท๐Ÿ‡บMonthly - October 2022 (RU)
    • Callisto Monthly - September 2022
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - September 2022 (ITA)
      • ๐Ÿ‡ซ๐Ÿ‡ทCallisto Monthly - September 2022 (FR)
      • ๐Ÿ‡ต๐Ÿ‡ญCallisto Monthly - September 2022 (PHI)
      • ๐Ÿ‡จ๐Ÿ‡ณCallisto Monthly - September 2022 (CN Simplified)
      • ๐Ÿ‡ญ๐Ÿ‡ฐCallisto Monthly - September 2022 (CN Traditional)
    • Callisto Monthly - August 2022
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - August 2022 (ITA)
      • ๐Ÿ‡ซ๐Ÿ‡ทCallisto Monthly - August 2022 (FR)
      • ๐Ÿ‡ต๐Ÿ‡ญCallisto Monthly - August 2022 (PH)
    • Callisto Monthly - July 2022
      • ๐Ÿ‡ฎ๐Ÿ‡นCallisto Monthly - July 2022 (ITA)
    • Callisto Monthly - June 2022
    • Callisto Monthly - May 2022
    • Callisto Monthly - April 2022
    • Callisto Monthly - March 2022
  • Technologies
    • ๐Ÿ“ˆCallisto Dynamic Monetary Policy
      • Crypto-models To Overcome Inflation and Callisto Network's Approach
      • Skuld Hard Fork - Update On Progress
    • ๐ŸงŠCold Staking
      • Cold Staking And PoS Staking Comparison
    • ๐Ÿช™Wrapped Callisto (ccCLO)
    • ยฎ๏ธDexNS 2021
    • โ›๏ธProof of Work
      • ZPoW #1 - Exploiting The Block Time & Block Size
      • Callisto Network Introduces the Dynamic Gas Price
    • โ“‚๏ธCallisto Network Masternodes
    • ๐ŸŽ“Tutorials
      • Setting Up Metamask For Callisto Network
        • Update the RPC URL in MetaMask
      • How to buy Callisto with Your Credit Card
      • How to Run a Callisto Network Node?
      • Callisto Network Masternodes Set-up
    • ๐ŸŒCallisto Hub
    • ๐ŸงฉWeb 3.0 Infrastructure
    • ๐Ÿ”Chain Inspector
  • We Fund You!
    • ๐Ÿ’ฒWe Fund You!
      • We Fund You Award - 1st Edition
  • Security Department
    • ๐Ÿ”Auditing Department
      • Auditing Department Amendment v5
    • ๐Ÿ“–Documentation
      • ๐Ÿ›ก๏ธSecurity Department Best Practices
      • ๐Ÿช™ERC 223 Token Standard
        • ERC20 Standard Main Issue
      • ๐Ÿ–ผ๏ธCallistoNFT Standard
        • Roadmap
      • โœ–๏ธCross-Chain Bridges Security Model
    • Products & Services
      • ๐Ÿ”Security Audits For Smart Contracts
        • Mission: Securing The Smart Contracts Ecosystem
        • Trust and Smart Contracts: Code is the Limit
    • ๐ŸคVarious Contributions
      • Ethereum Classic
        • ECIP-1092 51attack solution: PirlGuard & Callisto proposal
      • Ethereum
        • Statement regarding Geth v1.10.8 split
      • EOS
        • Page 1Chintai (EOS resource exchange) low severity issue.
        • EOS congestion 9/13/2019 and EOSPlay hack
      • Ultimate solution to 51% attacks: amend the Nakamoto consensus
  • Hack Investigation Dept.
    • Hack Investigation Department
    • Helio Exploit
    • Binance Bridge Hack
    • TempleDAO's STAX Contract Hack Investigation
    • NFT Theft Analysis
    • AUDIUS Governance System Exploit Overview
    • LUNA โ€˜Hardforkโ€™ Review
  • One Earth, One Heart
    • ๐ŸŒŽOne Earth, One Heart
    • ๐Ÿ’šCallisto Charity Efforts
  • Community
    • ๐Ÿ“ฅCallisto Network Improvement Proposals
    • ๐Ÿ’ฌCallisto AMAs
      • Callisto Team's Ask Me Anything on 04/05/2023
      • Callisto Team's Ask Me Anything on 03/03/2023
      • Callisto Team's Welcome AMA on 10/11/2022
      • Callisto Team's Ask Me Anything on 10/10/2022
      • Callisto Security Team's Ask Me Anything on 02/09/2022
      • Callisto Team's Ask Me Anything on 28/07/2022
      • Dexaran's Ask Me Anything on 11/04/2022
    • ๐Ÿ“ŒGet Started
  • Callisto Enterprise
    • ๐Ÿช™Callisto Enterprise Token
      • Vision and Tokenomics
    • ๐Ÿ‘ฅTeam
      • Callisto Team Motivation System
  • In The Press
    • ๐ŸŸขCallisto Network
      • Ethereum, Ethereum Classic, Callisto Network, A Common History
      • Callisto Network: Three Years After Mainnet Launch
      • Czech Ethereum Killer
    • ๐Ÿ–ผ๏ธNFTs
      • Artist Creates And Then Destroys Art To Launch CallistoNFT
      • Security Network Develops New NFT Standard To Address ERC-721 Flaws
  • Miscellaneous
    • ๐ŸงฉMedia Kit
Powered by GitBook
On this page
  • Description.
  • Discovered issue.
  • Example.
  1. Security Department
  2. Various Contributions
  3. EOS

Page 1Chintai (EOS resource exchange) low severity issue.

PreviousEOSNextEOS congestion 9/13/2019 and EOSPlay hack

Last updated 2 years ago

Original article by Dexaran posted on on November 8, 2018.

Description.

Chintai is a EOS smart-contract. It is a kind of exchange where users can lend or lease EOS.

If a user wishes to lease the resources (CPU or NET) provided by his EOS, he must send his EOS to the Chintai contract where it will be stored in an order.

If a user wants to rent resources, he must complete the execute order or group of orders. To do this, he must send the rental fee to the contract, after which the rented EOS will be staked for the leaserโ€™s CPU or NET depending on his(her) choice. Contract does not allow leaser to receive โ€œEOSโ€. Contract only allows leaser to get CPU or NET provided by someone elseโ€™s EOS.

Discovered issue.

When users place orders at the same price, orders are grouped in the same way as orders on any exchange are grouped. In some situations, in order to rent an EOS, a leaser needs to execute several orders within a transaction.

Each transaction in the EOS runs for a certain time. There is a maximum amount of time that a transaction can run for. If the maximum amount of transaction time is exceeded then transaction is not guaranteed to execute.

It is possible to spam Chintai with large quantities of small orders. This will lead to the impossibility to borrow/lend significant amount of EOS and hurt the operability of the contract.

Example.

User1 submits 100 โ€œlendโ€ orders of 10 EOS each at 0.20%/week.

User2 wants to lease 1000 EOS. In this case, user2 can not invoke the contract and get 1000 EOS leased because it needs to execute 100 small orders and it is above the max transaction time limit.

User2 can execute orders one by one, however he will run out of resources quickly.

User2 cannot access orders above the โ€œlowest askโ€ price because he need to execute lowest ask orders from stack first.

๐Ÿค
Medium