A significant security issue was identified and addressed by the Cosmos team in their Inter-Blockchain Communication (IBC) protocol. This vulnerability, as reported by a confidential source from the blockchain security industry, potentially exposed up to $126 million worth of assets to potential risk.
“The vulnerability we discovered was reported exclusively to Cosmos’ HackerOne Bug Bounty platform, and it has since been fixed.” – Asymmetric Research (April 23)
“No malicious exploitation took place and no funds were lost,” it added.
A reentrancy attack through the bug was potentially exploitable, enabling a malicious actor to produce an unlimited number of tokens on interconnected IBC chains such as Osmosis and other decentralized finance platforms in the Cosmos network.
“We believe at least 126M+ in assets could have been stolen on Osmosis. However, rate limiting on Osmosis slows down the damage that could be caused.”
Rate limits help protect systems from being overloaded by excessive requests by setting a limit on the number of requests that can be made within a given time frame. This way, potential attackers are denied the ability to flood the system with too many requests at once.
Since its launch in 2021, Ibc-go, the high-level programming language implementation of IBC by Asymmetric, has had a persistent bug.
A bug in Cosmos emerged more recently that could be exploited, but this became possible following the launch of a new external program, IBC middleware, developed by the Cosmos team. This software enables ICS20 tokens to move between different blockchains.
Adding new features and functionality to a system can make it vulnerable, as this situation illustrates. It’s yet another reminder of how crucial it is to have multiple layers of security in place, a concept known as defense-in-depth. Asymmetric stressed this point.
“This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better.”
The bug was patched up by Cosmos dev Carlos Rodriguez about three weeks ago, a GitHub commit shows.
In October 2022, a significant security issue was discovered in the IBC (Inter-Blockchain Communication) protocol. This flaw affected every blockchain that utilized IBC and could have led to potential exploits if left unaddressed. Fortunately, a fix was implemented before any harm could be caused.
Read More
- LDO PREDICTION. LDO cryptocurrency
- JASMY PREDICTION. JASMY cryptocurrency
- Orca crypto price prediction: Buying opportunity ahead, or bull trap?
- Can Ethereum ETFs outperform Bitcoin ETFs – Yes or No?
- Chainlink to $20, when? Why analysts are positive about LINK’s future
- Citi analysts upgrade Coinbase stock to ‘BUY’ after +30% rally projection
- Why iShares’ Bitcoin Trust stock surged 13% in 5 days, and what’s ahead
- Spot Solana ETF approvals – Closer than you think?
- Injective at risk of pullback as key resistance holds strong – What now?
- Crypto mining ‘strengthens America’s energy grids’ – A 30% tax means…
2024-04-24 05:06