- To fix the vulnerability, the Cosmos SDK will release a public version of the patch on October 14 at 14:00 UTC.
- The vulnerability became exposed after core developers of Cosmos and Osmosis ramped up security audits in light of a $100 million cross-chain bridge exploit on BNB Chain on October 6.
On October 13, Ethan Buchman, the co-founder of the Inter-blockchain Communication (IBC) network, exposed a vulnerability on the Cosmos Network’s forum. He stated that a critical security vulnerability had been discovered that “impacts all IBC-enabled Cosmos chains, for all versions of IBC.
The vulnerability became exposed after core developers of Cosmos and Osmosis ramped up security audits in light of a $100 million cross-chain bridge exploit on BNB Chain on October 6. Buchman has, however, reassured users that steps have already been taken to ensure that all major public IBC-enabled chains have been patched, stating:
“A chain is safe from the critical vulnerability as soon as ⅓ of its voting power has applied the patch. Chains should still seek to patch to ⅔ as quickly as possible once the official patch is released.”
He added that the team has been working tirelessly with core development teams and validators across the ecosystem to make the patch available privately and ensure chains are patched before communicating publicly. The patch was first made available privately to give developers and validators the time to update their chains before the vulnerability was publicized.
Buchman notes that over a third of a blockchain’s voting power must apply a patch for the project to be safe. He further urged all Cosmos chains and validators to upgrade to the public patch as soon as possible, even if they had already integrated the private patch. The Cosmos SDK will release a public version of the patch on October 14 at 14:00 UTC to fix the vulnerability.
Buchman added that validators of various Cosmos chains might halt their networks during the Friday upgrade. Cosmos Software Development Kit is a set of open-source tools for building decentralized applications. In Addition, developers can also use Cosmos SDK to build sovereign blockchain apps dubbed zones, serving as smart contracts instead of relying entirely on single Layer 1 chains.
Currently, there are 51 blockchains in the Cosmos ecosystem that support the IBC protocol, including Osmosis, Cosmos Hub, Axelar, Evmos, Injective, Juno, Sifchain, and Cronos.