关键的 Cosmos 安全漏洞已得到解决，保护了 1.26 亿美元的数字资产

Cosmos 区块链的区块链间通信 (IBC) 协议中的一个关键安全漏洞已得到解决，可能节省 1.26 亿美元的数字资产。该漏洞通过 Cosmos HackerOne Bug Bounty 计划披露，可能导致对 Osmosis 等 IBC 连接区块链的重入攻击。速率限制减轻了潜在的损害，该漏洞自 2021 年以来一直存在，三周前由 Carlos Rodriguez 修复。该事件凸显了跨链技术的分层防御方法和安全研究的重要性。

Critical Security Flaw in Cosmos Blockchain Resolved, Protecting $126 Million in Digital Assets

Cosmos 区块链中的关键安全漏洞已得到解决，保护了 1.26 亿美元的数字资产

San Francisco, CA - Blockchain security firm Assymetric Research has disclosed a critical security flaw within the Inter-Blockchain Communication (IBC) protocol of the Cosmos blockchain network. The vulnerability, which could have potentially jeopardized $126 million in digital assets, was privately disclosed through the Cosmos HackerOne Bug Bounty program and has since been rectified.

加利福尼亚州旧金山 - 区块链安全公司 Assymetric Research 披露了 Cosmos 区块链网络的区块链间通信 (IBC) 协议中的一个严重安全缺陷。该漏洞可能会危及 1.26 亿美元的数字资产，该漏洞已通过 Cosmos HackerOne Bug Bounty 计划私下披露，并已得到纠正。

Vulnerability Assessment

漏洞评估

According to Assymetric Research, the flaw had the potential to exploit IBC-connected blockchains like Osmosis and other decentralized financial ecosystems within the Cosmos network. The security firm estimated that assets worth $126 million could have been compromised on Osmosis alone. However, rate limits, implemented as a preventive measure, likely mitigated further damage by restricting the number of requests processed per unit of time.

据 Assymetric Research 称，该缺陷有可能利用与 IBC 连接的区块链，例如 Osmosis 和 Cosmos 网络内的其他去中心化金融生态系统。该安全公司估计，仅 Osmosis 就可能导致价值 1.26 亿美元的资产受到损害。然而，作为预防措施实施的速率限制可能通过限制每单位时间处理的请求数量来减轻进一步的损害。

Discovery and Resolution

发现和解决

The vulnerability existed since the launch of ibc-go, the programming language implementation of IBC, in 2021. It was only discovered following the recent deployment of IBC middleware, facilitating the exchange of ICS20 tokens (interchain token standard) between different chains.

该漏洞自 2021 年 IBC 编程语言实现 ibc-go 推出以来就存在。直到最近部署 IBC 中间件，促进不同链之间 ICS20 代币（链间代币标准）的交换后才发现该漏洞。

Security Implications

安全影响

Another security organization, ADSL, emphasized the significance of this incident, highlighting the ease with which security assumptions can be breached and new vulnerabilities introduced when incorporating new functionalities into complex systems. It underscores the necessity for a layered defense approach and increased research into the security risks associated with cross-chain technologies.

另一个安全组织 ADSL 强调了这一事件的重要性，强调了在将新功能合并到复杂系统中时，安全假设很容易被破坏，并且会引入新的漏洞。它强调了分层防御方法的必要性，并加强了对与跨链技术相关的安全风险的研究。

Community Response

社区反应

The bug was addressed approximately three weeks ago by Cosmos developer Carlos Rodriguez, as evidenced by a GitHub commit. Notably, a previous 'critical' security issue within the IBC protocol was identified in October 2022 and promptly patched before exploitation could occur.

Cosmos 开发人员 Carlos Rodriguez 大约三周前解决了该错误，GitHub 提交证明了这一点。值得注意的是，IBC 协议中先前的一个“严重”安全问题于 2022 年 10 月被发现，并在漏洞利用发生之前立即进行了修补。

Ongoing Security Enhancements

持续的安全增强

The resolution of this security flaw underscores the ongoing efforts within the blockchain community to fortify the integrity and security of decentralized networks, safeguarding digital assets against potential threats and vulnerabilities. Developers and security researchers continue to work diligently to identify and address vulnerabilities, ensuring the security and trust of users within the growing blockchain ecosystem.

这一安全漏洞的解决突显了区块链社区为加强去中心化网络的完整性和安全性、保护数字资产免受潜在威胁和漏洞的持续努力。开发人员和安全研究人员继续努力识别和解决漏洞，确保不断发展的区块链生态系统中用户的安全和信任。

Conclusion

结论

This critical security flaw within the Cosmos blockchain network has been resolved, protecting $126 million in digital assets from potential compromise. The incident highlights the importance of ongoing security audits, vulnerability management, and collaboration within the blockchain community to ensure the integrity and security of decentralized networks.

Cosmos 区块链网络中的这一关键安全漏洞已得到解决，保护了价值 1.26 亿美元的数字资产免受潜在威胁。该事件凸显了区块链社区内持续安全审计、漏洞管理和协作的重要性，以确保去中心化网络的完整性和安全性。