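A critical security vulnerability in the Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain has been resolved, potentially saving $126 million in digital assets. The vulnerability, disclosed through the Cosmos HackerOne Bug Bounty program, could have led to reentrancy attacks on IBC-connected blockchains such as Osmosis. Rate limits mitigated the potential damage. The vulnerability had existed since 2021 and was fixed three weeks ago by Carlos Rodriguez. The incident highlights the importance of a layered defense approach and of security research for cross-chain technologies.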
Critical Security Flaw in Cosmos Blockchain Resolved, Protecting $126 Million in Digital Assets
San Francisco, CA - Blockchain security firm Asymmetric Research has disclosed a critical security flaw in the Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain network. The vulnerability, which could have jeopardized $126 million in digital assets, was privately disclosed through the Cosmos HackerOne Bug Bounty program and has since been fixed.
Vulnerability Assessment
According to Asymmetric Research, the flaw could have been exploited against IBC-connected blockchains such as Osmosis and other decentralized financial ecosystems within the Cosmos network. The security firm estimated that assets worth $126 million could have been compromised on Osmosis alone. However, rate limits, implemented as a preventive measure, likely mitigated further damage by restricting the number of requests processed per unit of time.
Discovery and Resolution
The vulnerability had existed since the 2021 launch of ibc-go, the Go programming language implementation of IBC. It was discovered only after the recent deployment of IBC middleware, which facilitates the exchange of ICS20 tokens (the interchain token standard) between different chains.
Security Implications
Another security organization, ADSL, emphasized the significance of this incident, highlighting the ease with which security assumptions can be breached and new vulnerabilities introduced when incorporating new functionalities into complex systems. It underscores the necessity for a layered defense approach and increased research into the security risks associated with cross-chain technologies.
Community Response
The bug was addressed approximately three weeks ago by Cosmos developer Carlos Rodriguez, as evidenced by a GitHub commit. Notably, a previous 'critical' security issue within the IBC protocol was identified in October 2022 and promptly patched before exploitation could occur.
Ongoing Security Enhancements
The resolution of this security flaw underscores the ongoing efforts within the blockchain community to fortify the integrity and security of decentralized networks, safeguarding digital assets against potential threats and vulnerabilities. Developers and security researchers continue to work diligently to identify and address vulnerabilities, ensuring the security and trust of users within the growing blockchain ecosystem.
Conclusion
This critical security flaw within the Cosmos blockchain network has been resolved, protecting $126 million in digital assets from potential compromise. The incident highlights the importance of ongoing security audits, vulnerability management, and collaboration within the blockchain community to ensure the integrity and security of decentralized networks.