Critical Security Vulnerability in the Cosmos Ecosystem Thwarted; More Than $126 Million Protected

2024/04/24 17:00

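Cosmos developers have fixed a critical security vulnerability in the Cosmos Inter-Blockchain Communication (IBC) protocol. The vulnerability affected at least $126 million and would have allowed an attacker to mint unlimited IBC tokens. Asymmetric Research reported the issue privately and confirmed that no malicious activity took place and no funds were lost. The bug, which had existed since the inception of IBC-go, became exploitable because of recent developments in the Cosmos SDK ecosystem.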

Critical Security Breach Averted in Cosmos Ecosystem: Over $126 Million Saved

Cosmos Network, April 18, 2023

In a timely and decisive move, Cosmos developers have successfully patched a critical security flaw in the Inter Blockchain Communication (IBC) protocol, preventing a potential loss of over $126 million.

Vulnerability Details

According to cybersecurity firm Asymmetric Research, the vulnerability, which had remained dormant within the IBC protocol, recently became exploitable due to changes in the protocol's codebase. The flaw allowed for a reentrancy attack, whereby an attacker could have minted an infinite amount of IBC tokens on affected Cosmos chains.

Asymmetric Research promptly disclosed the vulnerability to the Cosmos HackerOne Bug Bounty program, and the issue was swiftly addressed by the IBC-go team.

"No malicious exploitation took place, and no funds were lost," Asymmetric Research confirmed in a blog post.

Potential Impact

The vulnerability's potential impact was significant. As much as $126 million worth of assets could have been stolen from Osmosis and other decentralized finance ecosystems within the Cosmos ecosystem had the vulnerability been exploited.

"Rate limiting on Osmosis slows down the damage that could be caused," Asymmetric Research noted, highlighting the importance of security measures in mitigating potential attacks.

Impact Assessment and Remediation

Upon receiving the vulnerability report, Amulet, a firm engaged by the Interchain Foundation to coordinate security on the Cosmos ecosystem, conducted independent risk-based impact assessments to identify potentially affected parties.

Working closely with the IBC-go team, Amulet coordinated the implementation of the patch, ensuring the prompt resolution of the issue.

Call for Enhanced Cross-Chain Security Research

The vulnerability underscores the need for enhanced research into cross-chain security risks. As the multichain ecosystem continues to evolve, it is crucial to identify and address potential vulnerabilities to protect the integrity of the digital economy.

Jonathan Claudius, CEO of Asymmetric Research, emphasized the importance of such research: "This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better."

Industry Response

The prompt and effective response to this vulnerability demonstrates the commitment of the Cosmos ecosystem to security and transparency.

"This case demonstrates our capability and ongoing efforts to discover and neutralize existential threats that could undermine the digital economy," Claudius added.
