Ethermint enables the use of Ethereum smart contracts within the Cosmos ecosystem and is employed by several chains, including Cronos, Kava and Canto.
A vulnerability affecting the Cosmos ecosystem and Ethermint was recently discovered by crypto trading firm Jump Crypto and blocked before it could cause an impact of as much as "eight figures" in U.S. dollars, Cosmos developers Evmos told WJB.
The compromised network in this incident was Ethermint, which enables the use of Ethereum smart contracts within the Cosmos ecosystem and is employed by several chains, including Cronos, Kava and Canto.
The bug could have potentially allowed an attacker to bypass specific smart contract functions called handlers, leading to transaction fee theft and denial of service to users.
Immediately upon receiving the report, the Evmos Core Development team and the Cronos team collaborated with Jump Crypto to address the issue. The implementation included a patch to block transactions with "MsgEthereumTx" messages, eliminating the attack vector.
No malicious exploitation occurred, ensuring the continued stability and reliability of the affected chains.
The Cronos team awarded Jump Crypto a $25,000 bounty for discovering and disclosing the vulnerability.
Evmos said that the root cause of the vulnerability lay in the improper handling of transactional messages in the Ethermint implementation, specifically the interaction between the MsgEthereumTx message and the MsgExec message.
The MsgExec message is used in the Cosmos SDK to allow authorized message execution by allowing one account to grant authorization to another account. However, this feature was not properly secured, allowing the attacker to bypass the ‘EthGasConsumeDecorator,’ which is responsible for deducting gas fees from transactions.
The attacker exploited the vulnerability by embedding a MsgEthereumTx message inside a MsgExec message. This bypassed the EthGasConsumeDecorator, resulting in the attacker not paying gas fees for their transactions.
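A simplified model of a check that closes this gap: walk every message in a transaction, including those wrapped in MsgExec, and reject any MsgEthereumTx found inside a wrapper. This is an added example, not Ethermint's or Evmos's actual patch; the Msg struct, the CheckMsgs and walk functions and the depth limit are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Msg is a simplified stand-in for a Cosmos SDK message (assumption: only the
// type URL and the nesting matter for this check).
type Msg struct {
	TypeURL string
	Inner   []Msg // set only for wrapper messages such as MsgExec
}

const (
	ethTxURL = "/ethermint.evm.v1.MsgEthereumTx"
	execURL  = "/cosmos.authz.v1beta1.MsgExec"
	maxDepth = 6 // constructed limit on wrapper nesting
)

var (
	ErrNestedEthTx = errors.New("MsgEthereumTx nested inside MsgExec")
	ErrTooDeep     = errors.New("message nesting too deep")
)

// CheckMsgs rejects a transaction if a MsgEthereumTx is reachable through a
// MsgExec wrapper at any depth; top-level MsgEthereumTx messages pass.
func CheckMsgs(msgs []Msg) error { return walk(msgs, false, 0) }

func walk(msgs []Msg, insideExec bool, depth int) error {
	if depth > maxDepth {
		return ErrTooDeep
	}
	for _, m := range msgs {
		switch {
		case m.TypeURL == ethTxURL && insideExec:
			return ErrNestedEthTx
		case m.TypeURL == execURL:
			if err := walk(m.Inner, true, depth+1); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() { // constructed sample transactions
	nested := []Msg{{TypeURL: execURL, Inner: []Msg{{TypeURL: ethTxURL}}}}
	fmt.Println(CheckMsgs([]Msg{{TypeURL: ethTxURL}}), CheckMsgs(nested))
}
```

The check runs over the whole message tree before any handler logic, so a wrapped message cannot reach execution without having been inspected.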
Shaurya Malwa
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.