In a forum post published on Oct. 1 blockchain interoperability platform Cosmos has disclosed a “high-severity security vulnerability” that was found in consensus engine Tendermint Core.
According to the announcement, an update patch was released the following morning. The vulnerability reportedly affected all versions of Tendermint, on which Cosmos is built. All validators and service providers on Tendermint-powered networks are encouraged to update their software as soon as possible.
Blockchain to blockchain communication
The Cosmos platform allows individual blockchains to communicate and transact with each other. Developed by the Tendermint team, it employs an inter-blockchain communication protocol to establish blockchain interoperability.
Recent blockchain vulnerabilities
The Cosmos announcement caps a less than impressive week for blockchain security, with vulnerabilities also revealed in both ZCash and the Lightning Network.
Whilst no further details of the Cosmos bug have been given, the vulnerability in Lightning Network was fully disclosed by a developer this week.
LN nodes accepting funding transactions to open channels needed to check that the transaction was ‘as promised’, or an attacker could spend funds from the channel without paying.
The ZCash bug, announced Sept. 29, could have leaked metadata relating to the IP addresses of shielded full-nodes.