High-Risk 0-Day Vulnerability Disclosed in Cosmos Consensus Layer CometBFT
KuCoin Flash Share

On April 21 (UTC+8), security researcher Doyeon Park disclosed a high-severity zero-day vulnerability in CometBFT, the consensus engine underlying the Cosmos Layer 1 blockchain, rated CVSS 7.1 (High). The flaw can stall nodes securing over $8 billion in assets during block synchronization, but it does not enable asset theft. Technical details have been published on GitHub; no exploit code has been released. Park says the Cosmos team refused to acknowledge his report, marked his HackerOne submission as spam, and downgraded the severity. He warned validators not to restart nodes until a patch is applied: a restarting node enters sync mode, where a malicious peer can drive it into a deadlock.

Original report (Foresight News):
ME News reports that on April 21 (UTC+8), security researcher Doyeon Park disclosed a 0-day vulnerability in Cosmos's consensus layer (CometBFT), rated CVSS 7.1 (High). The vulnerability could cause Cosmos ecosystem nodes, which support over $8 billion in assets, to stall during block synchronization; it does not directly enable asset theft. Technical details have been published on GitHub, though the researcher has not yet released full exploit code. Park stated that, after multiple failed attempts at communication, he decided to disclose the issue publicly because of the Cosmos team's lack of cooperation: refusing to acknowledge the report, marking the HackerOne submission as spam, and downgrading the vulnerability's severity, which he says violates international standards. Park has provided a "survival guide" for Cosmos validators, strongly advising against restarting nodes before a patch is released. The vulnerability triggers during block synchronization: if a node restarts and enters sync mode, exposure to malicious peer nodes could cause a deadlock that prevents it from rejoining the network. (Source: Foresight News)
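The report describes the failure mode (a node that restarts, enters block sync and stops advancing) but not how an operator would notice it. The following is an added example, not code from Park's survival guide or from the Cosmos/CometBFT project: it reads successive responses from a CometBFT node's RPC `/status` endpoint and flags a node that is still `catching_up` while its `latest_block_height` has not moved. The field names match the real `/status` response shape; the default RPC port 26657, the three-sample stall threshold and the embedded JSON snapshots are assumptions or constructed data, not values from the page.

```python
"""Flag a CometBFT node that appears stuck in block sync.

Added example. It inspects only result.sync_info from the RPC /status
response (fields: latest_block_height, catching_up). It does not restart
or otherwise touch the node, which is exactly what the advisory warns
against doing before a patch is available.
"""
import json
import sys
import time
import urllib.request
from dataclasses import dataclass
from typing import List, Sequence

# Constructed samples (not real captures): three successive /status responses,
# trimmed to the sync_info fields used here. Real responses also carry
# node_info and validator_info.
STALLED_SAMPLES = [
    '{"jsonrpc":"2.0","id":-1,"result":{"sync_info":{"latest_block_height":"1523010","catching_up":true}}}',
    '{"jsonrpc":"2.0","id":-1,"result":{"sync_info":{"latest_block_height":"1523010","catching_up":true}}}',
    '{"jsonrpc":"2.0","id":-1,"result":{"sync_info":{"latest_block_height":"1523010","catching_up":true}}}',
]
HEALTHY_SAMPLES = [
    '{"jsonrpc":"2.0","id":-1,"result":{"sync_info":{"latest_block_height":"1523010","catching_up":true}}}',
    '{"jsonrpc":"2.0","id":-1,"result":{"sync_info":{"latest_block_height":"1523040","catching_up":true}}}',
    '{"jsonrpc":"2.0","id":-1,"result":{"sync_info":{"latest_block_height":"1523071","catching_up":false}}}',
]


@dataclass
class SyncSnapshot:
    height: int
    catching_up: bool


def parse_status(raw: str) -> SyncSnapshot:
    """Extract the two sync_info fields from a raw /status JSON-RPC response."""
    info = json.loads(raw)["result"]["sync_info"]
    return SyncSnapshot(int(info["latest_block_height"]), bool(info["catching_up"]))


def assess_sync(samples: Sequence[str], stall_threshold: int = 3) -> str:
    """Classify a node from its most recent /status samples (oldest first).

    Returns "synced" when the last sample is no longer catching up,
    "stalled" when the node is catching up but the height has been flat for
    at least stall_threshold consecutive samples, and "syncing" otherwise.
    The threshold is an assumed operator-chosen value.
    """
    snaps: List[SyncSnapshot] = [parse_status(s) for s in samples]
    if not snaps:
        raise ValueError("need at least one /status sample")
    if not snaps[-1].catching_up:
        return "synced"
    # Count how many trailing samples share the same height.
    flat = 1
    for i in range(len(snaps) - 1, 0, -1):
        if snaps[i].height != snaps[i - 1].height:
            break
        flat += 1
    return "stalled" if flat >= stall_threshold else "syncing"


def poll_node(rpc_url: str, samples: int = 3, interval_s: float = 10.0) -> str:
    """Collect `samples` /status responses from a live node and classify it.

    Network access only; not exercised offline. rpc_url is assumed to be the
    node's RPC base, e.g. http://127.0.0.1:26657 (CometBFT's default port).
    """
    raws = []
    for _ in range(samples):
        with urllib.request.urlopen(rpc_url.rstrip("/") + "/status", timeout=5) as resp:
            raws.append(resp.read().decode())
        time.sleep(interval_s)
    return assess_sync(raws, stall_threshold=samples)


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:26657"
    print(poll_node(url))
```

Run it against a validator with `python3 cometbft_sync_check.py http://127.0.0.1:26657`. A "stalled" verdict only says the height is not advancing while the node reports `catching_up`; it does not identify the peer responsible, and the right response per the advisory is to wait for the patch rather than to restart, since a restart re-enters the sync path in which the problem triggers.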
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.