A startling report by New York-based blockchain security researchers Digital Asset Research (DAR) revealed new instances of plagiarized code in the Tron code base.
Tron Code Exposed
According to a post on June 19, 2018, DAR claimed to have scrutinized Tron’s code and white paper to find discrepancies and successfully found plagiarized code. The researchers noted these instances “pale in comparison to the technical challenges of the mainnet launch [on June 25, 2018].”
Valued at $3.2 billion, Tron is the world’s ninth largest cryptocurrency by market cap. The protocol touts itself as building the “infrastructure for a truly decentralized Internet.” However, both project and its creator, Justin Sun, have been called out by the cryptocurrency community for the project’s highly centralized nature, instances of plagiarism, and overvalued tokens without a tested working product.
But, Sun is a media personality in China and previously founded the video-sharing Peiwo App, with over 10 million users. Tron’s massive valuation is partly attributed to Sun’s fan base and its first partnership – Peiwo itself.
While a fundamental investor may have enough reasons to invest in the Chinese project, research finds glaring holes in Tron’s code, controversial feuds, and plagiarism.
Tron’s Highly Centralized project.
Sun Lifts EthereumJ Licenses
On December 31, 2017, the project was accused of violating the GNU Lesser General Public License v3.0 (LGPL) as it failed to mention the Java-Tron client was derived from EthereumJ, one of the first Ethereum libraries.
Tron later added the LGPL license to their files, only for developers to find the code copied verbatim from EthereumJ, without proper attribution or permission.
In January 2018, the founder of Protocol Labs, Juan Benet, found nine pages of Tron’s white paper directly lifted form Filecoin, a 2015 cryptocurrency project inicidently co-authored by Benet. While Sun cast the mistake as a “mistranslation” from Mandarin to English, the sheer volume of copied content led developers to believe the contrary.
Despite these loopholes, DAR believes plagiarizing code without attribution is a mere legal risk, and relatively “pale in comparison” to the protocol’s technicalities itself. In this regard, EthereumJ is known to be unreliable and has issues like memory leakage.
Ethereum Virtual Machine Copied Verbatim
DAR noted the Ethereum Virtual Machine has been copied verbatim by Tron, and hilariously, made few changes that increase the protocol’s exposure to an attack.
Tron has incorporating a Delegated Proof-of-Stake consensus algorithm to its technology stack, exposing the network to “unique technical risks following its mainnet launch,” as the project is blatantly merging different technologies that existing for opposing purposes.
“Finally, while there is little economic activity for us to measure right now, many important economic choices have been poorly defined or have conflicting or misleading information. Perhaps when the network is more fully utilized, we will have the ability to measure the on-chain economic activity.”