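The Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain faced a security vulnerability that reportedly put $126 million in assets at risk. The vulnerability, detected by Asymmetric Research, could have led to a re-entrancy attack allowing hackers to generate unlimited tokens on IBC-connected blockchains such as Osmosis. Although the flaw had existed since ibc-go launched in 2021, it was only discovered after new IBC middleware was implemented. Cosmos developer Carlos Rodriguez has since fixed the bug and emphasized the challenges and importance of security in cross-chain technology.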
Cosmos Blockchain Addresses Critical Security Vulnerabilities, Preventing Potential Loss of $126 Million
In a report issued by blockchain security firm Asymmetric Research, it was revealed that a severe security flaw within the Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain has been successfully remediated. The vulnerability, had it been exploited, could have led to the theft of digital assets worth approximately $126 million.
The flaw, which was confidentially reported through the Cosmos HackerOne Bug Bounty program, was deemed capable of facilitating a "re-entrancy attack." Such an attack would have allowed an attacker to generate an infinite number of tokens on blockchains connected via the IBC protocol, including Osmosis and other decentralized financial ecosystems within the Cosmos network.
"Our analysis suggests that at least $126 million in assets could have been stolen from Osmosis, but the implemented rate limits likely prevented a more severe loss," stated Asymmetric Research. Rate limits are technical safeguards designed to limit the volume of requests that can be processed within a specific time frame, thus mitigating the potential harm caused by cyberattacks.
The report further disclosed that the vulnerability had been present since the inception of ibc-go, the Go implementation of IBC, in 2021. The issue remained undetected until the recent deployment of IBC middleware, a software component that facilitates the transfer of ICS20 (interchain) tokens across disparate blockchains.
"This incident underscores the susceptibility of security assumptions to violation and the introduction of novel vulnerabilities as new functionalities are incorporated," emphasized ADSL, another security organization. "It also underscores the necessity of comprehensive defense mechanisms and increased research on the security implications of cross-chain technologies."
The vulnerability was successfully resolved approximately three weeks ago by Cosmos developer Carlos Rodriguez, as evidenced by a GitHub commit. Notably, a previous "critical" security issue affecting the same IBC protocol was detected in October 2022 but was promptly patched before any exploitation could occur.