The core team members of the Cosmos and Osmosis teams have been extensively auditing IBC in the aftermath of the BSC exploit. They have discovered a critical security vulnerability that impacts all IBC-enabled Cosmos chains, for all versions of IBC.
Cosmos co-founder, Ethan Buchman announced the existence of a “critical security vulnerability”. He also assured the community, “we have been working tirelessly with core development teams and validators across the ecosystem to make the patch available privately and ensure chains are patched before communicating publicly.”
Steps have already been taken to ensure that all major public IBC-enabled chains have been patched.
The Cosmos team communicated with the creators of key IBC projects to make sure the network would have a patch before the vulnerability could be exploited against it.
A public version of the patch will be released in the CosmosSDK v0.45.9 within 24 hours at 14:00 UTC on Friday, October 14, 2022. All chains and validators are advised to immediately update to the new released patch, even if they have already done so privately.
Validators can deploy the patch individually without a chain-halt and it should be applied as soon as possible. That said, it is still possible that validators and/or chains will halt during the upgrade process. If this happens, validators are advised to contact [email protected] immediately.
Also Read: A quick Glance on Cosmos 2.0