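Cosmos developers have fixed a critical security vulnerability in the Cosmos Inter-Blockchain Communication (IBC) protocol. The vulnerability affected at least $126 million and could have been exploited to mint unlimited IBC tokens. Asymmetric Research reported the issue privately and confirmed that no malicious exploitation took place and no funds were lost. The bug, present since the inception of IBC-go, became exploitable because of recent developments in the Cosmos SDK ecosystem.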
Critical Security Breach Averted in Cosmos Ecosystem: Over $126 Million Saved
By [Your Name]
Cosmos Network, April 18, 2023
In a timely and decisive move, Cosmos developers have successfully patched a critical security flaw in the Inter-Blockchain Communication (IBC) protocol, preventing a potential loss of over $126 million.
Vulnerability Details
According to cybersecurity firm Asymmetric Research, the vulnerability, which had remained dormant within the IBC protocol, recently became exploitable due to changes in the protocol's codebase. The flaw allowed for a reentrancy attack, whereby an attacker could have minted an infinite amount of IBC tokens on affected Cosmos chains.
Asymmetric Research promptly disclosed the vulnerability to the Cosmos HackerOne Bug Bounty program, and the issue was swiftly addressed by the IBC-go team.
"No malicious exploitation took place, and no funds were lost," Asymmetric Research confirmed in a blog post.
Potential Impact
The vulnerability's potential impact was significant. As much as $126 million worth of assets could have been stolen from Osmosis and other decentralized finance ecosystems within the Cosmos ecosystem had the vulnerability been exploited.
"Rate limiting on Osmosis slows down the damage that could be caused," Asymmetric Research noted, highlighting the importance of security measures in mitigating potential attacks.
Impact Assessment and Remediation
Upon receiving the vulnerability report, Amulet, a firm engaged by the Interchain Foundation to coordinate security on the Cosmos ecosystem, conducted independent risk-based impact assessments to identify potentially affected parties.
Working closely with the IBC-go team, Amulet coordinated the implementation of the patch, ensuring the prompt resolution of the issue.
Call for Enhanced Cross-Chain Security Research
The vulnerability underscores the need for enhanced research into cross-chain security risks. As the multichain ecosystem continues to evolve, it is crucial to identify and address potential vulnerabilities to protect the integrity of the digital economy.
Jonathan Claudius, CEO of Asymmetric Research, emphasized the importance of such research: "This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better."
Industry Response
The prompt and effective response to this vulnerability demonstrates the commitment of the Cosmos ecosystem to security and transparency.
"This case demonstrates our capability and ongoing efforts to discover and neutralize existential threats that could undermine the digital economy," Claudius added.