Cosmos Devs Fix Critical Security Bug
Developers from Cosmos have addressed a “critical” vulnerability in their Inter-Blockchain Communication (IBC) protocol, which could have put at least $126 million in assets at risk.
According to blockchain security firm Asymmetric Research, which privately notified Cosmos of the issue, the vulnerability has been fixed through the Cosmos HackerOne Bug Bounty program.
The firm emphasizes that no malicious attacks took place and no funds were lost. The bug could have allowed a hacker to use a reentrancy attack to steal assets on IBC-connected chains like Osmosis and other decentralized finance ecosystems on Cosmos.
However, Asymmetric Research notes that rate limits on Osmosis would have slowed down the potential damage.
The bug was found in ibc-go, which has been in existence since 2021, but only recently became exploitable after Cosmos developers launched a new third-party application called IBC middleware.