Specialists of the Chinese cybersecurity firm Qihoo 360 revealed that they had found a bug in the NEO code, which makes the NEO blockchain vulnerable to the DoS attack. Representatives of NEO confirmed the existence of this vulnerability.

Zhiniang Peng, a cybersecurity team expert at Qihoo 360, published a blog post explaining the nature of the vulnerability found in the NEO code.

"The NEO Smart Contract Platform provides the contract with a system call (System.Runtime.Serialize) to certain object on the serialized virtual machine stack. This call processes the contract request without considering the nesting of the array, which will cause crash of the smart contract system platform."

The vulnerability could potentially lead to the collapse of the smart contracts platform.

Attackers could publish malicious smart contracts, which with the help of this vulnerability would disrupt the operation of the NEO network. 7 master-nodes responsible for verifying and packaging transactions could start analyzing the malicious contract and crash.

Moreover, the bug was able to make the NEO network vulnerable to a DoS attack.

Qihoo 360 reported the discovery to developers NEO on 15 August. NEO founder Erik Zhang checked the information and confirmed that the vulnerability existed. After 56 minutes it was fixed.

The Qihoo 360 team received a reward of 1000 NEO ($18,000).