Verichains issues security advisories on security vulnerabilities on Tendermint Core

2023-3-9 19:05

Verichains has identified several significant vulnerabilities on Tendermint Core Projects using IAVL proof verification in Tendermint Core are advised to secure their assets to mitigate exploitation. Many popular projects including BNB Smart Chain (BSC) are built on Tendermint

Leading blockchain security firm Verichains has identified several significant vulnerabilities in Tendermint Core and as part of its Responsible Vulnerability Disclosure Policy has released two public advisories.

The first advisory titled VSA-2022-100 discusses a critical Empty Merkle Tree vulnerability in the IAVL proof. The second advisory is titled VSA-2022-101 and discusses a critical IAVL Spoofing Attack via multiple vulnerabilities on Tendermint Core.

Verichain advises that projects using IAVL-proof verification in Tendermint Core should secure their assets to mitigate exploitation risks.

Linked to recent BNB Chain bridge hack

Tendermint BFT consensus engine and Cosmos SDK are popular blockchain platforms that are used by several popular blockchain projects including the now defunct Terra (LUNA), Band Chain, OKX Chain, and BNB Smart Chain (BSC).

Verichains indicated that it discovered the Tendermint Core vulnerabilities while working on the BNB Chain bridge hack that took place in October last year. Security specialists, who identified the critical IAVL Spoofing Attack via multiple vulnerabilities found in BNB Chain and Tendermint, say it could have resulted in a significant loss of funds.

However, although the vulnerabilities were disclosed to the Tendermint/Cosmos maintainer, no patch was released for the Tendermint Core library since the Cosmos-SDK and IBC had migrated from IAVL Merkle proof verification to ICS-23.

Verichains Responsible Vulnerability Disclosure Policy

Verichains followed its Responsible Vulnerability Disclosure Policy to notify the public after the requisite 120 days. If not fixed, the critical nature of the bugs may lead to further hacks and consequent loss of funds, which in some cases could result in millions or even billions of dollars lost.

Verichains regularly posts the Security flaws and vulnerabilities that it identifies on its website for public consumption.

The post Verichains issues security advisories on security vulnerabilities on Tendermint Core appeared first on CoinJournal.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Core Group Asset (CORE) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 CORE

tendermint core verichains vulnerabilities security advised exploitation

Источник: coinjournal.net

tendermint core → Результатов: 14


В протоколе Tendermint обнаружена критическая уязвимость

В протоколе Tendermint Core, на базе которого работает кроссплатформенная блокчейн-платформа Cosmos, обнаружена критическая уязвимость. Recently, a high-severity security vulnerability that impacts all versions of Tendermint Core was reported.

2019-10-4 10:21


В тестовой сети Binance Chain состоялся хардфорк

8 апреля в тестовой сети Binance Chain, лежащей в основе децентрализованной биржи Binance DEX, состоялся хардфорк. По состоянию на 12:00 UTC, сервисы тестовой сети работают стабильно. #Binance Chain Testnet has completed its hardfork and the testnet services are stable.

2019-4-9 15:08


Партнеры Currencies.ru

Аналог Notcoin - Blum - Играй и зарабатывай Монеты



Реклама на Currencies.ru

Самое свежее на Currencies.ru