A recent vulnerability affecting Etherminta platform allowing the use of Ethereum smart contracts within the ecosystem Cosmoswas discovered by the trading and investment firm Jump Crypto. The compromised network is used by several chains, including Chronos, kava, Canto and Evmos. The quick reaction of the developers made it possible to avoid a possible exploit that could have been extremely expensive for the various chains concerned, according to the developers of Cosmos Evmos.
Jump Crypto discovers the flaw and collaborates with Evmos and Cronos
The flaw could have allowed an attacker to bypass specific smart contract functions called handlers. This would have resulted transaction fee theft and denial of service for users. The root cause of the vulnerability was due to poor handling of transactional messages in the implementation from Ethermintin particular the interaction between the message MsgEthereumTx and the message MsgExec.
Upon receipt of the vulnerability report, the development team from Evmos Core and the team of Chronos collaborated with Jump Crypto to solve the problem. The solution was to implement a fix to block transactions with messages MsgEthereumTx, effectively eliminating the attack vector. This rapid response ensured that no malicious exploitation took place, thereby maintaining the stability and reliability of the affected channels.
The Evmos team responded quickly, working with Jump Crypto and the Cronos team to implement a fix and effectively eliminate the attack vector and to secure the many channels affected.
Evmos, post-mortem blog
In recognition of the discovery and disclosure of the vulnerability by Jump Crypto, the team of Chronos awarded the giant a $25,000 bounty. Jump Crypto has generously announced that it wants to donate the bug bounty received to the organization Doctors Without Borders.
The article A flaw in the Cosmos ecosystem stopped in time saves millions of dollars appeared first on Corner Academy