All chains running CometBFT should look into this unpatched 0-day vulnerability instead of relying on Cosmos
Some non-Cosmos chains I know of that use CometBFT: BNB Chain, Polygon (PoS), Sei, Thorchain, etc.
This vulnerability can potentially lead to nodes getting DDoSed or, worse, the chain halting if validators start going offline.
I’m disclosing a 0-day vulnerability in the Cosmos consensus layer (CometBFT).
This is a CVSS 7.1 (High) severity issue that can cause nodes in the Cosmos ecosystem—which secures over $8B+ in assets—to stall during the block synchronization phase. However, direct asset theft is not possible using this vulnerability.
I made every effort to follow Coordinated Vulnerability Disclosure (CVD) for the safety of the ecosystem; however, due to the vendor’s lack of cooperation and irresponsible decisions, I have decided to proceed with disclosure.
This action is taken in accordance with the vendor’s final decision. All resulting security risks are solely the responsibility of the vendor, and I will therefore disclose both the vendor’s irresponsible handling and the detailed vulnerability information in this thread.
Crypto Bridge hacks in the past 5 years:
- Poly Network, $611m
- Ronin, $624m
- Wormhole, $326m
- Nomad, $190m
- BNB Bridge, $586m
And yet, after this and 2 weeks after the Drift hack, the KelpDAO team were still happy using a SINGLE verifier system?
Clown show.
Exchange Tokens Across Major CEXs
1. @Binance - $BNB
2. @MEXC - $MX
3. @Kucoincom - $KCS
4. @Gate - $GT
5. @Bybit_Official - $MNT
6. @Cryptocom - $CRO
7. @OKX - $OKB
8. @Bitget - $BGB
9. @HTX_Global - $HT
Do you hold any of these?
For the full breakdown and deeper insights into spot CEX trading, check out our latest report 👇
https://t.co/drMflsYrLr
