Cosmos生态开发公司All in Bits：Cosmos Hub的流动性质押模块存在严重安全问题

Blockbeats

Oct 16, 2024

BlockBeats 消息，10 月 16 日，Cosmos 生态软件开发公司 All in Bits 在 Github 上发文表示，其发现了 Cosmos Hub 的流动性质押模块（LSM）存在严重安全问题的原因，包括大多数 LSM 代码由朝鲜特工编写；LSM 不是一个独立的模块，而是对现有质押、分配、罚没模块的一组修改，可能会影响所有质押的 ATOM；允许罚没规避的漏洞仍然存在；19 个月代码更改未经审计的；Zaki Manian 和 Iqlusion 的重大误述； ICF、Stride Labs、非正式系统缺乏透明度。

All in Bits 建议立即修复 LSM 的主要质押漏洞；即时、全面的 LSM 审计；全面披露朝鲜参与调查时间表；ICF 相关方黑名单；针对 ICF 资助项目的新审计和监督协议。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2475988339"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2475988339\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2475988339?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2024-10-16 12:14","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2475988339","market":"us","top_or_hot":-1,"title":"Cosmos生态开发公司All in Bits：Cosmos Hub的流动性质押模块存在严重安全问题","media":"Blockbeats","content":"<html><body><div><p>BlockBeats 消息，10 月 16 日，Cosmos 生态软件开发公司 All in Bits 在 Github 上发文表示，其发现了 Cosmos Hub 的流动性质押模块（LSM）存在严重安全问题的原因，包括大多数 LSM 代码由朝鲜特工编写；LSM 不是一个独立的模块，而是对现有质押、分配、罚没模块的一组修改，可能会影响所有质押的 ATOM；允许罚没规避的漏洞仍然存在；19 个月代码更改未经审计的；Zaki Manian 和 Iqlusion 的重大误述； ICF、<a href=\"https://laohu8.com/S/LRN\">Stride</a> Labs、非正式系统缺乏透明度。</p><p>All in Bits 建议立即修复 LSM 的主要质押漏洞；即时、全面的 LSM 审计；全面披露朝鲜参与调查时间表；ICF 相关方黑名单；针对 ICF 资助项目的新审计和监督协议。</p></div></body></html>","source":"theblockbeats_zh_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>Cosmos生态开发公司All in Bits：Cosmos Hub的流动性质押模块存在严重安全问题</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nCosmos生态开发公司All in Bits：Cosmos Hub的流动性质押模块存在严重安全问题\n</h2>\n\n<h4 class=\"meta\">\n\n\n2024-10-16 12:14 北京时间&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//flash/266845><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats 消息，10 月 16 日，Cosmos 生态软件开发公司 All in Bits 在 Github 上发文表示，其发现了 Cosmos Hub 的流动性质押模块（LSM）存在严重安全问题的原因，包括大多数 LSM 代码由朝鲜特工编写；LSM 不是一个独立的模块，而是对现有质押、分配、罚没模块的一组修改，可能会影响所有质押的 ATOM；允许罚没规避的漏洞仍然存在；19 个月代码...</p>\n\n<a href=\"https://www.theblockbeats.info//flash/266845\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"LU2517655028.SGD","symbol_name":"WELLINGTON NEXT GENERATION EDUCATION \"A\" (SGDHDG) ACC","start_time":0,"source_url":"https://www.theblockbeats.info//flash/266845","article_id":"2475988339","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2475988339","pubTimestamp":1729052040,"columns":[],"sourceInfo":{"source_id":"theblockbeats_zh_live","name":"blockbeat"},"weMediaInfo":null,"summary":"BlockBeats 消息，10 月 16 日，Cosmos 生态软件开发公司 All in Bits 在 Github 上发文表示，其发现了 Cosmos Hub 的流动性质押模块（LSM）存在严重","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"zh","relate_stocks":{"LU2517655028.SGD":"WELLINGTON NEXT GENERATION EDUCATION \"A\" (SGDHDG) ACC","ICF":"不动产指数ETF-iShares","LU2362541513.USD":"WELLINGTON NEXT GENERATION GLOBAL EQUITY \"A\" (USD) ACC","IE0009354923.USD":"JANUS HENDERSON US VENTURE \"A2\" (USD) ACC","BK4204":"教育服务","LU2517655291.USD":"WELLINGTON NEXT GENERATION EDUCATION \"A\" (USD) ACC","LRN":"Stride","LU2362541273.HKD":"WELLINGTON NEXT GENERATION GLOBAL EQUITY \"A\" (HKD) ACC","ATOM":"Atomera Inc","LU2362540622.SGD":"WELLINGTON NEXT GENERATION GLOBAL EQUITY \"A\" (SGDHDG) ACC","LU2517655374.HKD":"WELLINGTON NEXT GENERATION EDUCATION \"A\" (HKD) ACC","BK4147":"半导体设备"},"translate_title":"Cosmos Ecological Development Company All in Bits: Cosmos Hub's Liquidity Staking Module Has Serious Security Issues","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"ICF":1,"ATOM":1,"LRN":1},"content_text":"BlockBeats 消息，10 月 16 日，Cosmos 生态软件开发公司 All in Bits 在 Github 上发文表示，其发现了 Cosmos Hub 的流动性质押模块（LSM）存在严重安全问题的原因，包括大多数 LSM 代码由朝鲜特工编写；LSM 不是一个独立的模块，而是对现有质押、分配、罚没模块的一组修改，可能会影响所有质押的 ATOM；允许罚没规避的漏洞仍然存在；19 个月代码更改未经审计的；Zaki Manian 和 Iqlusion 的重大误述； ICF、Stride Labs、非正式系统缺乏透明度。All in Bits 建议立即修复 LSM 的主要质押漏洞；即时、全面的 LSM 审计；全面披露朝鲜参与调查时间表；ICF 相关方黑名单；针对 ICF 资助项目的新审计和监督协议。","kind":"live","is_publish_news":false,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}