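The Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain faced a security vulnerability that reportedly put $126 million in assets at risk. The vulnerability, detected by Asymmetric Research, could have enabled a re-entrancy attack allowing hackers to mint unlimited tokens on IBC-connected blockchains such as Osmosis. Although the flaw had existed since ibc-go launched in 2021, it was only discovered after new IBC middleware was implemented. Cosmos developer Carlos Rodriguez has since fixed the bug, highlighting the challenges and importance of security in cross-chain technology.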
Cosmos Blockchain Addresses Critical Security Vulnerabilities, Preventing Potential Loss of $126 Million
In a report issued by blockchain security firm Asymmetric Research, it was revealed that a severe security flaw within the Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain has been successfully remediated. The vulnerability, had it been exploited, could have led to the theft of digital assets worth approximately $126 million.
The flaw, which was confidentially reported through the Cosmos HackerOne Bug Bounty program, was deemed capable of facilitating a "re-entrancy attack." Such an attack would have allowed an attacker to generate an infinite number of tokens on blockchains connected via the IBC protocol, including Osmosis and other decentralized financial ecosystems within the Cosmos network.
"Our analysis suggests that at least $126 million in assets could have been stolen from Osmosis, but the implemented rate limits likely prevented a more severe loss," stated Asymmetric Research. Rate limits are technical safeguards designed to limit the volume of requests that can be processed within a specific time frame, thus mitigating the potential harm caused by cyberattacks.
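To make the rate-limit point concrete, here is an added Go example (not code from Osmosis, ibc-go or the report) showing how a per-window outflow quota bounds what can leave a chain even when the sender holds an arbitrarily large balance. The fixed-window policy, the names `OutflowLimiter` and `DrainAttempt`, and all amounts are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrQuotaExceeded means the transfer would push the window's outflow past the quota.
var ErrQuotaExceeded = errors.New("outflow quota exceeded for current window")

// OutflowLimiter (hypothetical) caps how much of one denom may leave over one channel per window.
type OutflowLimiter struct {
	Quota       uint64
	Window      time.Duration
	windowStart time.Time
	sent        uint64
}

// Allow records the transfer and returns nil if it fits in the current window.
func (l *OutflowLimiter) Allow(amount uint64, now time.Time) error {
	if l.windowStart.IsZero() || now.Sub(l.windowStart) >= l.Window {
		l.windowStart, l.sent = now, 0 // new window: reset the counter
	}
	// Compare against remaining headroom so sent+amount cannot overflow uint64.
	if amount > l.Quota-l.sent {
		return ErrQuotaExceeded
	}
	l.sent += amount
	return nil
}

// DrainAttempt submits `tries` transfers of `each` units, one per minute, and reports what got out.
func DrainAttempt(l *OutflowLimiter, each uint64, tries int, start time.Time) (out uint64, rejected int) {
	for i := 0; i < tries; i++ {
		if err := l.Allow(each, start.Add(time.Duration(i)*time.Minute)); err != nil {
			rejected++
			continue
		}
		out += each
	}
	return out, rejected
}

func main() {
	l := &OutflowLimiter{Quota: 1_000_000, Window: 24 * time.Hour} // constructed values
	out, rejected := DrainAttempt(l, 300_000, 100, time.Unix(1_700_000_000, 0))
	fmt.Printf("left the chain: %d, rejected transfers: %d\n", out, rejected)
}
```

The quota does not remove the underlying bug; it caps the loss per window and buys responders time to halt the channel.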
The report further disclosed that the vulnerability had been present since the inception of ibc-go, the Go implementation of IBC, in 2021. The issue remained undetected until the recent deployment of IBC middleware, a software component that facilitates the transfer of ICS20 (interchain) tokens across disparate blockchains.
"This incident underscores the susceptibility of security assumptions to violation and the introduction of novel vulnerabilities as new functionalities are incorporated," emphasized ADSL, another security organization. "It also underscores the necessity of comprehensive defense mechanisms and increased research on the security implications of cross-chain technologies."
The vulnerability was successfully resolved approximately three weeks ago by Cosmos developer Carlos Rodriguez, as evidenced by a GitHub commit. Notably, a previous "critical" security issue affecting the same IBC protocol was detected in October 2022 but was promptly patched before any exploitation could occur.