Cosmos Fixes Critical $126 Million Security Bug in Inter-Blockchain Protocol
Summary:
A critical security flaw in Cosmos' Inter-Blockchain Communication (IBC) protocol, which put about $126 million at risk, has been fixed by developers, according to Asymmetric Research. The bug could have allowed attackers to generate unlimited tokens on IBC-linked platforms. No funds were lost and the problem was fixed before any exploitation occurred. The issue emphasizes the importance of thorough security measures and indicates a need for more research into cross-chain security threats.
A significant flaw in Cosmos' Inter-Blockchain Communication (IBC) protocol has been identified and corrected, according to Asymmetric Research, a blockchain security company. The bug, which exposed approximately $126 million to risk, was privately reported to Cosmos through its HackerOne Bug Bounty program. On April 23, Asymmetric Research confirmed that the problem has been resolved, stating that no funds were lost and no malicious attempts to exploit the defect were observed.
The bug could have made the system susceptible to a reentrancy attack, giving attackers the ability to generate an unrestricted number of tokens on IBC-linked ecosystems like Osmosis and other DeFi platforms within Cosmos. It was speculated that assets over $126 million on Osmosis could have been compromised. Nevertheless, the damage potential was reduced by rate limiting on Osmosis, a technique that prevents or lessens attacks aiming to saturate a system by managing the frequency of requests.
Asymmetric said the bug had been present in ibc-go, an implementation of IBC, since its inception in 2021. It became exploitable only recently, with the launch of IBC middleware, a new third-party application by Cosmos developers that facilitates the transfer of ICS20 tokens between different chains.
The issue underscores the risk to trust, and the new vulnerabilities that can emerge, when new features or functionality are introduced. Asymmetric emphasizes the importance of comprehensive security measures and says the flaw illustrates the need for further research into cross-chain security threats to better safeguard the multi-chain ecosystem.
According to a GitHub commit, Cosmos developer Carlos Rodriguez fixed the bug approximately three weeks ago. Notably, another major security vulnerability was detected in the IBC protocol back in October 2022, which affected all IBC-linked chains. However, developers patched it before it could be exploited.
Published At
4/24/2024 4:52:26 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.