• Latest
Tendermint Says Last Month’s Cosmos Vulnerability Exposed Security Loophole

Tendermint Says Last Month’s Cosmos Vulnerability Exposed Security Loophole

June 17, 2019
ygg sea surpasses 10,000 scholarships in just six months of launch

YGG SEA Surpasses 10,000 Scholarships in Just Six Months of Launch

May 6, 2022
mintable launches industry changing gas free minting service on ethereum

Mintable Launches Industry Changing Gas Free Minting Service on Ethereum

May 1, 2022
5 projects enabling smart contract development on bitcoin

5 Projects Enabling Smart Contract Development on Bitcoin

April 29, 2022
bitcoin atm installed in mexico's senate building

Bitcoin ATM installed in Mexico’s Senate Building

April 27, 2022
cross chain services play a crucial role in facilitating continued adoption of defi applications

Cross-Chain Services Play a Crucial Role in Facilitating Continued Adoption of DeFi Applications

April 26, 2022
justin sun launches usdd, integrating the blockchain world and the real world with the decentralized stablecoin

Justin Sun Launches USDD, Integrating the Blockchain World and the Real World with the Decentralized Stablecoin

April 25, 2022
nfts: the next musical revolution

NFTs: The Next Musical Revolution

April 24, 2022
things you should know before investing in nfts

Things You Should Know Before Investing in NFTs

April 24, 2022
what are wrapped tokens?

What Are Wrapped Tokens?

April 23, 2022
what is the future of ethereum (eth)?

What is the future of Ethereum (ETH)?

April 22, 2022
green gaming

Everything You Need to Know About Play-to-Earn on Algorand in 2022

April 21, 2022
$ape going bananas as rumors of upcoming land sale of bayc metaverse gather momentum

$APE Going Bananas As Rumors of Upcoming Land Sale of BAYC Metaverse Gather Momentum

April 21, 2022
  • Home
  • Coin Market Cap
  • Bitcoin
  • Ethereum
  • Ripple
  • Litecoin
  • Alt Coin
  • Business
  • Trading
  • Mining
CoinNewsDaily
  • Home
  • Coin Market Cap
  • Bitcoin
  • Ethereum
  • Ripple
  • Litecoin
  • Alt Coin
  • Business
  • Trading
  • Mining
No Result
View All Result
  • Home
  • Coin Market Cap
  • Bitcoin
  • Ethereum
  • Ripple
  • Litecoin
  • Alt Coin
  • Business
  • Trading
  • Mining
No Result
View All Result
CoinNewsDaily
No Result
View All Result
Home Tech

Tendermint Says Last Month’s Cosmos Vulnerability Exposed Security Loophole

coinnewsdaily by coinnewsdaily
June 17, 2019
in Tech
0
Tendermint Says Last Month’s Cosmos Vulnerability Exposed Security Loophole
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter

Related articles

ygg sea surpasses 10,000 scholarships in just six months of launch

YGG SEA Surpasses 10,000 Scholarships in Just Six Months of Launch

May 6, 2022
5 projects enabling smart contract development on bitcoin

5 Projects Enabling Smart Contract Development on Bitcoin

April 29, 2022

The developers behind the Cosmos network released today a full disclosure of last month’s “critical security vulnerability” which reportedly enabled hackers to bypass certain penalties for misbehavior on the network.

Zaki Manian, director at Tendermint Inc – the for-profit entity behind the core technology of the Cosmos network – detailed to Coindesk in an interview:

“The key is we want to make it really difficult to misbehave in the network and then un-stake your tokens immediately and escape the consequences of that misbehavior…like voting for something bad in governance [or] the more complex things are double signage against an exchange to potentially reverse state.”

Normally, Cosmos validators – which are the equivalent to miners on a proof-of-work blockchain network – that do misbehave either by voting haphazardly or signing off on false transactions are penalized by having their staked ATOM tokens slashed. This is made possible through a minimum wait period of 21 days that prevent validators from un-staking their ATOM tokens before the network is able to sufficiently detect and screen their actions.

As stated in today’s post by the Tendermint team, the code vulnerability discovered last month could enable a validator to bypass the full un-staking or “un-bonding” period “and have their funds immediately become liquid essentially insta-unbonding.”

“Within the first 24 hours of receiving the bug report, our tooling detected ~22 events total,” the team wrote.

Having gone live this past March, Cosmos is a relatively new blockchain network that is designed to improve the interoperability between differing blockchain platforms. A reported $16 million was raised in an initial coin offering back in 2017.

The security vulnerability disclosed today was actually found in “the staking module” of the Cosmos Software Development Kit (SDK) which debuted back in 2018 as a “state-of-the-art” blockchain toolkit. It was detailed at the time as “another way to build blockchains, safely and easily” in a prior blog post. 

Lessons learnt

Jessy Irwin, Tendermint’s head of security, said in interview with CoinDesk that while the vulnerability disclosed today is the first of its kind to impact the Cosmos main network, “it’s not the first bug that has been reported to us.”

“We’ve gone through seven security audits and we’ve had multiple issues raised and then we’ve also had a pretty active bug bounty program,” said Irwin. “We’ve invested quite a bit in the past year and a half since I joined the team in creating an environment where people report bugs instead of do nothing about them.”

The vulnerability, now fully patched on the Cosmos network, did require Cosmos validators to execute an emergency hard fork or system-wide upgrade. The update was activated on May 31 at block number 482,100.

Irwin highlighted that in order for this hard fork to execute successfully without resulting in a network split, urgent notice need to be pushed to all Cosmos validators and other service providers who were running Cosmos software on their computers.

Moving forward, Irwin told CoinDesk that one of the biggest lessons learnt from the security disclosure and upgrade process was a greater need for secure communication channels with Cosmos validators and other service providers.

Irwin emphasized:

“We’re really going to be advocating for our hub of validators and exchanges to open up their own channels for security communications … We are working really hard with our validator set to open that up so that next time we’re not running around and scrambling for information to get in touch with them.”

Zaki Manian image courtesy of Tendermint

Credit: Source link

Tags: Crypto Tech
Share76Tweet47
Previous Post

Stonewalled by FINRA, Up to 40 Crypto Securities Wait in Limbo for Launch

Next Post

BTC, ETH, XRP, LTC, BCH, EOS, BNB, BSV, XLM, ADA: Price Analysis 17/06

coinnewsdaily

coinnewsdaily

CoinNewsDaily.com is an online Crypto Coin News Website that aims to provide latest trendy news from market and around the world.

Related Posts

ygg sea surpasses 10,000 scholarships in just six months of launch
Alt Coin

YGG SEA Surpasses 10,000 Scholarships in Just Six Months of Launch

May 6, 2022
5 projects enabling smart contract development on bitcoin
Alt Coin

5 Projects Enabling Smart Contract Development on Bitcoin

April 29, 2022
bitcoin atm installed in mexico's senate building
Bitcoin

Bitcoin ATM installed in Mexico’s Senate Building

April 27, 2022
cross chain services play a crucial role in facilitating continued adoption of defi applications
Alt Coin

Cross-Chain Services Play a Crucial Role in Facilitating Continued Adoption of DeFi Applications

April 26, 2022
green gaming
Business

Everything You Need to Know About Play-to-Earn on Algorand in 2022

April 21, 2022
axie infinity: what are the minimum android phone requirements to play on mobile
Alt Coin

Axie Infinity: What Are the Minimum Android Phone Requirements to Play on Mobile

April 21, 2022
Load More
Next Post
BTC, ETH, XRP, LTC, BCH, EOS, BNB, BSV, XLM, ADA: Price Analysis 17/06

BTC, ETH, XRP, LTC, BCH, EOS, BNB, BSV, XLM, ADA: Price Analysis 17/06

Categories

  • Alt Coin
  • Bitcoin
  • Business
  • Ethereum
  • ICO
  • Litecoin
  • Mining
  • NFT
  • Ripple
  • Tech
  • Trading

What New here?

  • YGG SEA Surpasses 10,000 Scholarships in Just Six Months of Launch
  • Mintable Launches Industry Changing Gas Free Minting Service on Ethereum
  • 5 Projects Enabling Smart Contract Development on Bitcoin

Subscribe to Get More!

Loading
  • About Us
  • Contact Us
  • Privacy & Policy

© 2018-2021 CoinNewsDaily.com by CoinNewsDaily Inc. Crafted with Love by iFtiDev

No Result
View All Result
  • Home
  • Coin Market Cap
  • Bitcoin
  • Ethereum
  • Ripple
  • Litecoin
  • Alt Coin
  • Business
  • Trading
  • Mining

© 2018-2021 CoinNewsDaily.com by CoinNewsDaily Inc. Crafted with Love by iFtiDev

  • bitcoinBitcoin(BTC)$20,142.00-0.86%
  • ethereumEthereum(ETH)$1,109.53-4.31%
  • tetherTether(USDT)$1.000.01%
  • binancecoinBNB(BNB)$219.84-5.56%
  • rippleXRP(XRP)$0.330371-3.20%
  • cardanoCardano(ADA)$0.466792-1.75%
  • SolanaSolana(SOL)$34.23-5.34%
  • dogecoinDogecoin(DOGE)$0.0694732.27%
  • polkadotPolkadot(DOT)$7.07-5.40%
  • daiDai(DAI)$1.000.02%
  • Shiba InuShiba Inu(SHIB)$0.0000101.69%
  • tronTRON(TRX)$0.064854-4.07%
  • leo-tokenLEO Token(LEO)$5.912.92%
  • matic-networkPolygon(MATIC)$0.496881-3.34%
  • litecoinLitecoin(LTC)$53.370.02%
  • FTXFTX(FTT)$24.99-3.66%
  • OKBOKB(OKB)$12.061.62%
  • CronosCronos(CRO)$0.117930-2.90%
  • chainlinkChainlink(LINK)$6.29-1.63%
  • stellarStellar(XLM)$0.111002-3.85%
  • moneroMonero(XMR)$120.381.86%
  • cosmosCosmos Hub(ATOM)$7.34-2.59%
  • algorandAlgorand(ALGO)$0.300805-4.79%
  • ethereum-classicEthereum Classic(ETC)$15.24-3.40%
  • bitcoin-cashBitcoin Cash(BCH)$106.150.16%
  • vechainVeChain(VET)$0.022875-5.18%
  • tezosTezos(XTZ)$1.50-4.00%
  • Internet ComputerInternet Computer(ICP)$5.40-1.70%
  • theta-tokenTheta Network(THETA)$1.23-3.46%
  • filecoinFilecoin(FIL)$5.47-1.54%
  • ElrondElrond(EGLD)$50.84-4.80%
  • bitcoin-cash-svBitcoin SV(BSV)$57.09-1.78%
  • eosEOS(EOS)$0.94-1.86%
  • paxos-standardPax Dollar(USDP)$1.00-0.02%
  • AaveAave(AAVE)$60.17-4.86%
  • makerMaker(MKR)$924.03-3.34%
  • huobi-tokenHuobi(HT)$5.02-3.96%
  • iotaIOTA(MIOTA)$0.271498-3.48%
  • zcashZcash(ZEC)$58.16-3.01%
  • neoNEO(NEO)$8.66-5.45%
  • basic-attention-tokenBasic Attention(BAT)$0.3853301.11%
  • zilliqaZilliqa(ZIL)$0.039641-6.06%
  • havvenSynthetix Network(SNX)$2.505.73%
  • wavesWaves(WAVES)$5.34-4.50%
  • dashDash(DASH)$45.30-4.09%
  • PancakeSwapPancakeSwap(CAKE)$3.06-7.03%
  • KusamaKusama(KSM)$49.28-3.54%
  • nemNEM(XEM)$0.039323-3.98%
  • Elrond ERDElrond ERD(ERD)$0.0259290.00%
  • CompoundCompound(COMP)$47.87-2.67%
  • ethlendAave [OLD](LEND)$4.103.48%
  • qtumQtum(QTUM)$2.87-3.38%
  • bitcoin-goldBitcoin Gold(BTG)$16.07-4.86%
  • omisegoOMG Network(OMG)$1.86-3.15%
  • golemGolem(GLM)$0.234208-5.51%
  • SushiSushi(SUSHI)$1.06-4.96%
  • ontologyOntology(ONT)$0.232383-3.48%
  • yearn-financeyearn.finance(YFI)$5,596.50-3.94%
  • umaUMA(UMA)$2.56-2.46%
  • digibyteDigiByte(DGB)$0.009327-2.81%
  • UniswapUniswap(UNI)$2.4438.80%
Posting....