
Critical Security Vulnerability in Cosmos IBC Protocol Patched, Protecting $126 Million

2024/04/24 09:53

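A critical security vulnerability in the Cosmos Inter-Blockchain Communication (IBC) protocol has been patched, potentially protecting more than $126 million. The vulnerability, discovered and privately reported by Asymmetric Research, could have enabled a reentrancy attack allowing hackers to mint unlimited tokens on IBC-connected chains. Rate-limiting mechanisms can prevent malicious exploitation. The vulnerability had existed since 2021 and became exploitable after IBC middleware was introduced. Cosmos developers fixed the vulnerability three weeks ago, underscoring the need for continued cross-chain security research to protect the multichain ecosystem.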


Critical Security Flaw in Cosmos IBC Protocol Patched, Protecting $126 Million in Assets


A blockchain security firm, Asymmetric Research, has disclosed a "critical" vulnerability in the Inter-Blockchain Communication (IBC) protocol of the Cosmos network, which placed at least $126 million in crypto assets at risk. The vulnerability, privately reported to Cosmos via its HackerOne Bug Bounty program, has been resolved through a patch.


"No malicious exploitation took place and no funds were lost," Asymmetric Research stated on April 23rd.


The bug, present in ibc-go since its launch in 2021, could have been exploited to execute a reentrancy attack, enabling hackers to mint an infinite number of tokens on IBC-connected chains such as Osmosis and other decentralized finance ecosystems within the Cosmos network.


"We believe at least 126M+ in assets could have been stolen on Osmosis," Asymmetric Research stated. "However, rate limiting on Osmosis slows down the damage that could be caused."


Rate limiting mechanisms are employed to prevent or mitigate attacks designed to overwhelm systems by controlling the rate of request submissions.


The exploit became possible only after Cosmos developers introduced IBC middleware, a third-party application that allows ICS20 tokens (interchain token standard) to be transferred across chains.


Asymmetric Research emphasized that the vulnerability highlights the potential risks associated with introducing new features and functionalities, as well as the importance of implementing defense-in-depth strategies to protect blockchain ecosystems.


"This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better," the firm stated.


The Cosmos development team, led by Carlos Rodriguez, patched the vulnerability approximately three weeks ago, as evidenced by a GitHub commit.


In October 2022, another "critical" security vulnerability was identified in the IBC protocol, affecting all IBC-connected chains. However, a patch was released before the flaw could be exploited.


The Cosmos network, known for its interoperable blockchain architecture, has experienced several security incidents in the past. In February 2023, a vulnerability in the Gravity Bridge, a cross-chain bridge connecting Cosmos to the Ethereum network, resulted in the theft of approximately $190 million in crypto assets.


The recent IBC protocol vulnerability underscores the ongoing need for vigilance and continuous efforts to enhance the security of cross-chain communication protocols that facilitate the interoperability of different blockchain networks.

