Security Researcher Discloses High-Severity 0day in Cosmos CometBFT

币界网

Summary

A security researcher disclosed a high-severity 0day vulnerability (CVSS 7.1) in Cosmos IBC, affecting CometBFT’s consensus layer. The flaw may disrupt node synchronization but does not permit asset theft. The researcher followed coordinated vulnerability disclosure (CVD) but made a public disclosure due to a slow response from the vendor. Cosmos IBC secures over $8 billion in cross-chain assets. Contract security remains a critical concern for blockchain developers.

CoinDesk reports that security researcher Doyeon Park posted on X, disclosing a zero-day vulnerability in Cosmos’s consensus layer (CometBFT). The vulnerability, rated CVSS 7.1 (High), could cause nodes within the Cosmos ecosystem to stall during block synchronization, though direct asset theft is not feasible. Assets secured by this ecosystem exceed $8 billion. The researcher followed the Coordinated Vulnerability Disclosure (CVD) process to ensure ecosystem safety; however, due to the vendor’s lack of cooperation and irresponsible decision-making, they decided to proceed with public disclosure based on the vendor’s final determination.
