Security flaw in Cosmos SDK may allow DDoS attacks

Blockchain security firm Oak Security has raised concerns about a weakness in the Cosmos Software Development Kit (SDK) that could enable distributed denial-of-service (DDoS) attacks on the network. In a Medium post, two of the company's researchers, Edward Kotysh and Christian Vari, explained why it is a major risk.
According to the researchers, the weakness lies in the fact that the BeginBlock and EndBlock functions are not subject to gas metering. This is by design, as it gives developers some free computation time; these two functions do not necessarily affect users' transactions.
However, the security experts warned that what is meant to be a minor allowance for developers can cause great damage to Cosmos-based networks in several ways, including causing network congestion, affecting validators, or even leading to a complete halt.
They said:
“This freedom can be a double-edged sword, and it can open a Pandora's box of potential weaknesses. The main issue is that without gas limits, poorly optimized or malicious code in BeginBlock and EndBlock can really wreak havoc.”
The researchers tested their theories about the weakness's potential effect by conducting experiments. In one of them, they introduced randomized delays into the BeginBlock function at different block heights, with delays ranging from five seconds to one minute.
The experiments confirmed that the delays led to significant network congestion, slowing block production and increasing the time required to finalize blocks. Validators were also affected, with some failing to commit blocks on time and others missing rounds entirely.
Not surprisingly, with fewer than two-thirds of validators available to sign, the chain experienced temporary outages. The researchers noted that on mainnet, where many transactions need to be confirmed at the same time, this could result in a complete halt.
Oak Security recommends fixes for developers
Meanwhile, the security experts recommended fixes to close the weakness before a bad actor exploits it. According to them, strict computation bounds need to be put in place so that nobody can introduce an attack vector that causes excessive computation.
They identified three ways to implement this: bounding the time complexity of the BeginBlock and EndBlock functions so that they cannot run indefinitely, wrapping resource-intensive operations in contexts, and validating all inputs to these functions.
In addition, they called for more comprehensive testing and simulation to determine how the weakness could be exploited and the extent of its potential impact.
They also recommended architectural safeguards and operational monitoring, so that networks are tracked against standard metrics and any significant deviation is detected.
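The following Go program is an added example, not code from Oak Security's post or from the Cosmos SDK, and it uses none of the SDK's real API. It sketches the three fixes above for a hypothetical job queue that a module drains in EndBlock: a hard cap on iterations per block, a deterministic per-block computation budget that stands in for the gas the SDK does not meter there, and input validation before any work is spent. It also includes the deviation check the researchers recommend for monitoring, run over a constructed series of block durations. The `Job` type, the constants, and the `ComputeMeter` are assumptions made for the example. The budget deliberately counts abstract units rather than wall-clock time: a cut-off based on elapsed time would fire at different points on different validators and split consensus, so any real timeout wrapped around these hooks should only guard work that does not touch chain state.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Job is a hypothetical unit of deferred work that a module drains in EndBlock.
type Job struct {
	ID      uint64
	Payload []byte
}

// Assumed limits for the example; a real module would tune these per chain.
const (
	MaxJobsPerBlock = 50   // hard cap on iterations per block
	MaxPayloadBytes = 1024 // reject oversized inputs before doing work on them
	UnitsPerJob     = 10   // fixed per-job cost, like a base gas charge
	UnitsPerByte    = 1    // cost proportional to payload size
	EndBlockBudget  = 900  // computation units available to the hook per block
)

var (
	ErrInvalidJob  = errors.New("invalid job")
	ErrOutOfBudget = errors.New("end-block computation budget exhausted")
)

// ComputeMeter is a deterministic stand-in for gas metering in a hook that the
// SDK does not meter. It counts abstract units, never wall-clock time, so every
// validator reaches the same cut-off for the same block.
type ComputeMeter struct {
	used, limit uint64
}

func NewComputeMeter(limit uint64) *ComputeMeter { return &ComputeMeter{limit: limit} }

// Consume charges units and fails without charging if the budget would be exceeded.
func (m *ComputeMeter) Consume(units uint64) error {
	if m.used+units > m.limit {
		return ErrOutOfBudget
	}
	m.used += units
	return nil
}

func (m *ComputeMeter) Used() uint64 { return m.used }

// ValidateJob rejects malformed input before any computation is spent on it.
func ValidateJob(j Job) error {
	if j.ID == 0 {
		return fmt.Errorf("%w: zero id", ErrInvalidJob)
	}
	if len(j.Payload) == 0 || len(j.Payload) > MaxPayloadBytes {
		return fmt.Errorf("%w: payload size %d out of range", ErrInvalidJob, len(j.Payload))
	}
	return nil
}

// BoundedEndBlock drains at most MaxJobsPerBlock jobs within EndBlockBudget
// units. Work that does not fit is carried over, in order, to the next block
// instead of stretching this one. It returns the processed jobs, the remaining
// queue, and the units consumed.
func BoundedEndBlock(queue []Job, process func(Job)) (done []Job, remaining []Job, used uint64) {
	meter := NewComputeMeter(EndBlockBudget)
	i := 0
	for ; i < len(queue) && i < MaxJobsPerBlock; i++ {
		j := queue[i]
		if ValidateJob(j) != nil {
			continue // invalid input is dropped: never processed, never carried over
		}
		cost := uint64(UnitsPerJob + UnitsPerByte*len(j.Payload))
		if meter.Consume(cost) != nil {
			break // budget exhausted: stop deterministically, keep j for the next block
		}
		process(j)
		done = append(done, j)
	}
	return done, queue[i:], meter.Used()
}

// BlockTimeAnomalies returns the indices of blocks whose duration exceeds
// factor x baseline, the kind of deviation check the researchers recommend
// running over standard node metrics.
func BlockTimeAnomalies(durations []time.Duration, baseline time.Duration, factor float64) []int {
	var out []int
	threshold := time.Duration(float64(baseline) * factor)
	for i, d := range durations {
		if d > threshold {
			out = append(out, i)
		}
	}
	return out
}

func main() {
	// Constructed queue: two invalid entries and more work than one block's budget allows.
	queue := []Job{
		{ID: 1, Payload: make([]byte, 100)},
		{ID: 0, Payload: make([]byte, 100)},  // invalid: zero id
		{ID: 2, Payload: make([]byte, 2000)}, // invalid: oversized payload
		{ID: 3, Payload: make([]byte, 400)},
		{ID: 4, Payload: make([]byte, 400)},
		{ID: 5, Payload: make([]byte, 50)},
	}
	done, rest, used := BoundedEndBlock(queue, func(Job) {})
	fmt.Printf("processed %d jobs, carried over %d, used %d units\n", len(done), len(rest), used)

	// Constructed block times resembling the researchers' delay experiment.
	times := []time.Duration{5 * time.Second, 6 * time.Second, 5 * time.Second, 30 * time.Second, 7 * time.Second, 65 * time.Second}
	fmt.Printf("anomalous blocks: %v\n", BlockTimeAnomalies(times, 6*time.Second, 2))
}
```

With the constructed queue, jobs 1 and 3 are processed (520 units), the two invalid entries are discarded, and jobs 4 and 5 carry over because job 4 would push the meter past 900; the block's cost is bounded no matter how much work was queued. The same check could be expressed as a `context.WithDeadline` around off-chain work such as fetching data for a query cache, but for state transitions the unit budget is the form that keeps validators in agreement.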
Cosmos SDK launches a new version
Meanwhile, the Cosmos SDK team has not commented on the security report or on whether it will do anything to address the issue on its end. This may be because the identified weakness is actually a design feature rather than a bug or malware, as in recent security alerts about attacks on chains.
Fortunately, developers who use the Cosmos SDK can implement most of the experts' recommendations themselves, giving them control over what they put into these functions and letting them ensure their chains are not vulnerable to DDoS attacks.
Notably, the Cosmos SDK recently launched version v0.53.0. According to the announcement on X, the version responds to pain points raised by builders about the previous version.
The latest version is reported to ship with unordered transactions, improved community pool capabilities, custom governance mechanisms, epochs, and custom minting. It also comes with bug fixes, and developers can upgrade via GitHub.
The Cosmos SDK is a toolkit that lets developers easily build their own customized networks and connect them to the Cosmos blockchain, a network that aims to be the internet of blockchains.