Researchers from Digital Asset Research (DAR) have revealed several cases of code plagiarized from other projects in the Tron codebase.
From the look of things, Tron inventors copied the code from Ethereum in addition to other projects and used different filenames so that it will be impossible to detect the source of the code. DAR released an article on Medium regarding the copy and the legal and technical issues that the Tron mainnet will now have to face.
“On December 31, 2017, the project was initially accused of violating the GNU Lesser General Public License v3.0 (LGPL) because the project does not mention that its client, Java-Tron, was derived from EthereumJ, which is one of the first Ethereum libraries,” DAR wrote, adding:
Although the project later added the relevant LGPL license language to 14 of the files, we found several instances of code that was copied verbatim or slightly modified from EthereumJ, still without appropriate reference.“
Lucas Nuzzi of DAR, provided CCN with images backing the copy claims, which came after an earlier instance of Tron allegedly copying extensive portions of its whitepaper from other projects.
“In the commit above, developers went through the hassle of changing the title of some functions to hide the plagiarism, as evidenced by commit d4ad9c9. There is no valid reason to change the EthereumJ’s public class “name,” for example, to “dataBaseName,” other than to make it difficult to track the similarities between both repositories.”
Nuzzi went further to state that aside from the possible legal and ethical actions relating to copied code, the codebase presently faces technical issues as well that could be very essential.
“The problem is when you repurpose code originally developed for a completely different system architecture and don’t have enough time to fully test it. Vulnerabilities that were not applicable to the original system are now applicable to the new one. Plagiarism is bad, but the concern here relates to the unknown vulnerabilities that may arise when you combine all of these modules together, on steroids. Nothing wrong with experimenting, but the community should definitely adjust expectations.”
DAR researchers were not specifically funded to research the Tron codebase.
“My job is to perform deep technical due diligence for our clients, which involves reviewing the entire codebase of the projects we cover, which is what I did with TRON,” Nuzzi said. “Most of our research is exclusive to our clients, but whenever we find something that the entire community can benefit from, we share it.”
With the mainnet movement expected to occur on June 25, it is likely that Tron may face various technical and legal issues that will negatively affect its performance and success of the project. Tron staff is yet to make any response regarding the matter.