
Cosmos SDK security flaw may allow DDoS attacks

Oak Security has raised concerns about a security vulnerability in the Cosmos software development kit (SDK) that could lead to a distributed denial-of-service (DDoS) attack on the network. In a Medium post, two of the company’s researchers, Edward Cotich and Cristian Varie, explained why the risk is high.

According to the researchers, the weakness is that the BeginBlock and EndBlock functions are not subject to gas metering. This is by design: it gives developers some free computation time, because these two functions do not necessarily affect user transactions.

However, the security experts warned that what was meant as a convenience for developers may actually cause great damage to Cosmos networks in several ways. It can cause network congestion, affect validators, or even lead to a complete outage.

They said:

“This freedom can be a two-edged sword, and it can open a Pandora's box of potential weaknesses. The main issue is that without gas borders, the improved or malicious code can really perform in BeginBlock and EndBlock.”

The researchers tested their theories about the potential effect of the weakness by conducting experiments. In one of the experiments, they introduced random delays in BeginBlock at different block heights, with delays ranging from five seconds to one minute.

From the experiments, the experts confirmed that the delays led to heavy congestion in the network, slowing its progress and increasing the time required to complete blocks. The delays also affected validators, as many of them failed to sign blocks at the required times and some missed stages of voting completely.

Unsurprisingly, with the number of validators available to sign limited (less than two-thirds), the test network experienced a temporary halt. The researchers indicated that this could lead to a complete outage on mainnet itself, where many transactions occur simultaneously and need to be completed.

Oak Security recommends fixes to developers

Meanwhile, the security experts recommended fixes for the weakness before a bad actor exploits it. According to them, strict computation limits are needed so that no one can simply add code that leads to excessive computation.

They identified three different ways to implement this solution: adding time-complexity limits to the BeginBlock and EndBlock functions so that they do not run indefinitely, wrapping the context to keep resource-intensive operations within bounded contexts, and validating all inputs to the functions.
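One way to apply the first and third of these recommendations, as an added example that is not from Oak Security's post or the Cosmos SDK: a per-block work budget combined with input validation. The `gasMeter`, `task` and `endBlockBounded` names are hypothetical, the sample queue is constructed, and no SDK APIs are used.

```go
package main

import "fmt"

// gasMeter is a minimal stand-in for a gas meter (hypothetical, not the SDK type).
type gasMeter struct{ limit, used uint64 }

// consume charges cost and reports false when the remaining budget is too small.
func (g *gasMeter) consume(cost uint64) bool {
	if cost > g.limit-g.used {
		return false
	}
	g.used += cost
	return true
}

// task is one unit of queued end-of-block work with a declared cost.
type task struct {
	id   string
	cost uint64
}

// endBlockBounded runs queued tasks in FIFO order until the per-block budget
// is spent. Tasks that could never fit are rejected (input validation); the
// rest are deferred to the next block instead of stalling this one.
func endBlockBounded(queue []task, budget uint64) (done []string, deferred []task, rejected []string) {
	meter := &gasMeter{limit: budget}
	for i, t := range queue {
		if t.cost == 0 || t.cost > budget {
			rejected = append(rejected, t.id)
			continue
		}
		if !meter.consume(t.cost) {
			deferred = append(deferred, queue[i:]...)
			break
		}
		done = append(done, t.id) // the real work would happen here
	}
	return done, deferred, rejected
}

func main() {
	// Constructed sample queue: "huge" exceeds any single block's budget.
	queue := []task{{"a", 40}, {"huge", 500}, {"b", 50}, {"c", 30}, {"d", 10}}
	done, deferred, rejected := endBlockBounded(queue, 100)
	fmt.Println(done, deferred, rejected)
}
```

The work done in any one block is capped by `budget` regardless of queue length, so block time stays predictable and the backlog drains over following blocks.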

In addition, they called for more comprehensive testing and simulation to determine how the weakness could be used and what its impact might be.

They also recommended architectural and operational monitoring to ensure networks operate within standard baselines and to detect any major deviation.

Cosmos SDK launches a new version

Meanwhile, the Cosmos SDK team has yet to comment on the security report or on whether it will do anything to address the problem. This may be because the identified weakness is actually a design feature, not a bug or malware of the kind seen in recent security alerts about supply chain attacks.

Fortunately, developers who use Cosmos SDK can implement most of the security experts' recommendations themselves, allowing them to control what they deploy and make sure they are not vulnerable to DDoS attacks.

Interestingly, Cosmos SDK recently launched version v0.53.0. According to the announcement on X, the release is a response to pain points raised by builders about the previous version.

Reportedly, the latest version comes with unknown transactions, improved capabilities of the community complexes, allocated governance mechanisms, fields, and allocated mining. It also comes with bug fixes, and developers can already upgrade via GitHub.

Cosmos SDK is a developer tool for creating easily customized networks that integrate with the Cosmos blockchain, a network that seeks to become the internet of blockchains.
