Summary
TLDR: Asymmetric Research discovered a critical vulnerability in the ibc-go implementation of the IBC protocol, affecting CosmWasm-based IBC middleware. The vulnerability could allow for the exploitation of an infinite number of IBC tokens. The issue was privately disclosed and resolved without any malicious exploitation. Cosmos teams had strong security measures in place to prevent major risks.
Key Points
1. A critical vulnerability was found in the IBC protocol affecting CosmWasm-based IBC middleware, specifically in ibc-go, the Golang implementation of the protocol.
2. The vulnerability allowed for the replay of the flow between the module deleting the commitment control, potentially leading to the exploitation of an infinite number of IBC tokens across multiple chains.
3. The issue was privately disclosed to the Cosmos HackerOne bug bounty program, and a binary patch was released to fix the vulnerability without breaking consensus, showcasing the importance of strong security measures in the Cosmos ecosystem.