Cosmos team fixes new vulnerabilities before potential exploit

The past few months have been filled with stories of exploited blockchain ecosystems, whether due to coding errors or disgruntled employees.

After the most notorious attack in recent months, in which the Binance Smart Chain was exploited for several million dollars' worth of BNB, Cosmos' cybersecurity team conducted extensive audits as a precaution.

Weaknesses affect all IBC chains

The vulnerability was announced on the Cosmos Network Forum by Ethan Buchman, co-founder of the Cosmos Inter-Blockchain Communications Network (IBC).

It was discovered by Cosmos and Osmosis developers during the review that followed the BSC exploit, but it's worth noting that it was not confirmed to be connected in any way to the BSC exploit.

In response to a forum member, Buchman confirmed that the discovered vulnerability is also not related to a bug recently discovered by Verichain. He also mentioned that the bug discovered by Verichain doesn't actually affect IBC chains.

Patch to be applied tomorrow

According to the blog post, the team at Cosmos has already reached out to the developers of major IBC projects to ensure the patch is applied before word reaches the wrong people.

“Measures have already been put in place to ensure that all major public IBC-enabled threads are patched. Given the level of difficulty, we have worked tirelessly with core development teams and validators across the ecosystem to make the patch available privately and to ensure that threads are patched before calling public.”

The patch will be published in the Cosmos SDK today, Friday 14, at 14:00 UTC so that developers of smaller projects can update their networks. It is said that stopping the chain is not necessary to implement the patch, and IBC devs can consider their projects safe once a third of the voters of the chain have voted to implement the upgrade.

However, it's recommended to reach at least two-thirds, which shouldn't be a problem given that it's a vote to fix a serious loophole.

The announcement closes with a request to contact the IBC team via email if there are any issues and an appeal to white hat hackers, offering a bug bounty if additional vulnerabilities are discovered. Hopefully, Cosmos' success story will inspire other platforms to carry out extensive security audits more frequently, which will stop the flood of exploits caused by spaghetti code.

The post "Cosmos team fixes new vulnerabilities before potential exploit" first appeared on CryptoPotato.
