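Cosmos developers have fixed a critical security vulnerability in the Cosmos Inter-Blockchain Communication (IBC) protocol. The vulnerability affected at least $126 million and could have allowed an exploit that mints unlimited IBC tokens. Asymmetric Research reported the issue privately and confirmed that no malicious activity took place and no funds were lost. The bug, which had existed since the inception of IBC-go, became exploitable because of recent developments in the Cosmos SDK ecosystem.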
Critical Security Breach Averted in Cosmos Ecosystem: Over $126 Million Saved
Cosmos Network, April 18, 2023
In a timely and decisive move, Cosmos developers have successfully patched a critical security flaw in the Inter-Blockchain Communication (IBC) protocol, preventing a potential loss of over $126 million.
Vulnerability Details
According to cybersecurity firm Asymmetric Research, the vulnerability, which had remained dormant within the IBC protocol, recently became exploitable due to changes in the protocol's codebase. The flaw allowed for a reentrancy attack, whereby an attacker could have minted an infinite amount of IBC tokens on affected Cosmos chains.
Asymmetric Research promptly disclosed the vulnerability to the Cosmos HackerOne Bug Bounty program, and the issue was swiftly addressed by the IBC-go team.
"No malicious exploitation took place, and no funds were lost," Asymmetric Research confirmed in a blog post.
Potential Impact
The vulnerability's potential impact was significant. As much as 126 million dollars' worth of assets could have been stolen from Osmosis and other decentralized finance ecosystems within the Cosmos ecosystem had the vulnerability been exploited.
"Rate limiting on Osmosis slows down the damage that could be caused," Asymmetric Research noted, highlighting the importance of security measures in mitigating potential attacks.
Impact Assessment and Remediation
Upon receiving the vulnerability report, Amulet, a firm engaged by the Interchain Foundation to coordinate security in the Cosmos ecosystem, conducted independent risk-based impact assessments to identify potentially affected parties.
Working closely with the IBC-go team, Amulet coordinated the implementation of the patch, ensuring the prompt resolution of the issue.
Call for Enhanced Cross-Chain Security Research
The vulnerability underscores the need for enhanced research into cross-chain security risks. As the multichain ecosystem continues to evolve, it is crucial to identify and address potential vulnerabilities to protect the integrity of the digital economy.
Jonathan Claudius, CEO of Asymmetric Research, emphasized the importance of such research: "This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better."
Industry Response
The prompt and effective response to this vulnerability demonstrates the commitment of the Cosmos ecosystem to security and transparency.
"This case demonstrates our capability and ongoing efforts to discover and neutralize existential threats that could undermine the digital economy," Claudius added.