Cosmos developers have patched a critical security bug in the Cosmos Inter Blockchain Communication (IBC) protocol that had put at least $126 million at risk.
Asymmetric Research had privately disclosed details of the vulnerability impacting the Cosmos ecosystem, adding that it was patched before anyone could exploit it.
Critical Security Bug
According to Asymmetric Research, the bug had always been present in the Inter Blockchain Communication protocol. However, it only recently became exploitable because of developments in the protocol’s codebase. Once Cosmos was notified of the issue, the vulnerability was quickly patched before anyone could exploit it. Asymmetric Research stated in a blog post,
“A reentrancy vulnerability during the handling of timeout messages could have allowed an attacker to mint an infinite amount of IBC tokens on affected Cosmos chains. While this vulnerability has existed in IBC-go since the beginning, it only became exploitable due to recent developments in the Cosmos SDK ecosystem, specifically CosmWasm-based IBC middleware. We privately disclosed the vulnerability through the Cosmos HackerOne Bug Bounty program, and the issue is now patched. No malicious exploitation took place, and no funds were lost.”
Jessy Irwin, the CEO of Amulet, a firm engaged by the Interchain Foundation to run its bug bounty program and coordinate security on the Cosmos ecosystem, confirmed that the issue was reported.
“During the coordination of this issue, both Amulet and the IBC-go team engaged in independent rounds of risk-based impact assessment to identify potentially impacted parties to mitigate its impact.”
Over $126 Million Were At Risk
According to Asymmetric Research, the reentrancy bug could have allowed hackers to mint infinite tokens on Inter-Blockchain Communication-connected chains such as Osmosis and other decentralized finance ecosystems on Cosmos.
“We believe at least 126M+ in assets could have been stolen on Osmosis. However, rate limiting on Osmosis slows down the damage that could be caused.”
Rate limits can prevent or at least mitigate attacks that attempt to overwhelm a system by controlling the rate at which requests are made. Developers on Cosmos launched a third-party application called the IBC-middleware, which allows ICS20 (Interchain token standard) tokens to cross chains, and this made the bug exploitable. Asymmetric added in their blog post,
“This issue demonstrates how easy it is to break trust assumptions and introduce new vulnerabilities by adding new features and functionality. It is also another example of the importance of defense-in-depth. This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better.”
According to Asymmetric CEO Jonathan Claudius, the vulnerability highlights the need for more research into cross-chain security risks to help protect the multichain ecosystem.
“This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better. This case demonstrates our capability and ongoing efforts to discover and neutralize existential threats that could undermine the digital economy.”