Developers of the Cosmos blockchain recently resolved a critical security flaw in their Inter-Blockchain Communication (IBC) protocol that could have put $126 million in digital assets at risk, as reported by a blockchain security firm.
According to the security firm, Asymmetric Research, the flaw, which could lead to a re-entrancy attack, was privately disclosed through the Cosmos HackerOne Bug Bounty program and has since been fixed.
The vulnerability, identified by Asymmetric Research, could have been exploited against IBC-connected blockchains like Osmosis and other decentralized financial ecosystems within the Cosmos network. The security firm estimated that assets worth $126 million could have been compromised on Osmosis alone, though rate limits would likely have mitigated further damage.
Rate limits, implemented as a preventive measure, restrict the number of requests processed per unit of time, thus minimizing the impact of potential cyber attacks.
Reports indicate that the flaw had been present since the 2021 launch of ibc-go, the Go programming language implementation of IBC. It was only discovered following the recent deployment of IBC middleware, which facilitates the exchange of ICS20 tokens (interchain token standard) between different chains.
ADSL, another security organization, emphasized the significance of this incident, stating that it underscores the ease with which security assumptions can be breached and new vulnerabilities introduced when incorporating new functionalities. It also highlights the necessity for a layered defense approach and increased research into the security risks associated with cross-chain technologies.
The bug was addressed approximately three weeks ago by Cosmos developer Carlos Rodriguez, as evidenced by a GitHub commit. Notably, a previous ‘critical’ security issue within the IBC protocol was identified in October 2022 and promptly patched before exploitation could occur.
The resolution of this security flaw underscores the ongoing efforts within the blockchain community to fortify the integrity and security of decentralized networks, safeguarding digital assets against potential threats and vulnerabilities.