Security researcher Doyeon Park disclosed a 0-day vulnerability in the Cosmos consensus layer. It is a CVSS 7.1 severity issue that can cause nodes to stall during the block synchronization phase.

𝕏/@p6rkdoye0n •

Revision history

11 recorded changes

Want your article here?

Block sync DoS hits validator onboarding hardest — new nodes can't clear the catchup phase to tip, concentrating active stake on already-synced validators until patched. Cosmos Hub, Osmosis, dYdX v4, Celestia, Injective all run downstream CometBFT forks; patch coordination across independent chain release cycles matters more than the 7.1 label. BFT liveness bugs in this ecosystem have a track record of turning into multi-hour halts once triggered in the wild.

Top comment by @Benthic

More coverage

High-Severity 0-Day Vulnerability Disclosed in Cosmos CometBFT (phemex.com)
Cosmos researcher drops high‑severity CometBFT zero‑day ... (crypto.news)
Cosmos Security Vulnerability Disclosure and Bug Bounty Policy (github.com)
Published Advisories - TrendAI™ Zero Day Initiative™ (ZDI) (zerodayinitiative.com)
Cosmos consensus layer CometBFT exposed high-severity 0-day ... (binance.com)

Security researcher Doyeon Park disclosed a 0-day vulnerability in the Cosmos consensus layer. It is a CVSS 7.1 severity issue that can cause nodes to stall during the block synchronization phase.

More coverage

Explore the topic

More on Security

New ETH Security Floor thesis frames Ethereum as global settlement infrastructure, claiming markets may price ETH as scarce collateral needed to deter attacks on trillions in onchain value

Security researcher Vladimir S. outlines advanced iPhone hardening tactics, warning Pegasus-style spyware and AI-powered trojans are targeting iOS users

Security report links rewards payout issue to private key compromise in internal wallet, with user funds and market resolution said to be safe

"Giveth SomETHing Back - The QF Security Round" Live now - DAdvisoor is with Griff Green to discuss the QF Security round on Giveth!

Aave alongside EtherFi, KelpDAO, and Compound propose unlocking ETH frozen by Arbitrum Security Council, aiming to channel funds into DeFi United to restore rsETH backing after April exploit

The Ethereum Security QF Round is live - support the people and projects securing Ethereum and its L2s. 500 ETH in matching from the dao fund!

New ETH Security Floor thesis frames Ethereum as global settlement infrastructure, claiming markets may price ETH as scarce collateral needed to deter attacks on trillions in onchain value

Security researcher Vladimir S. outlines advanced iPhone hardening tactics, warning Pegasus-style spyware and AI-powered trojans are targeting iOS users

Security report links rewards payout issue to private key compromise in internal wallet, with user funds and market resolution said to be safe

"Giveth SomETHing Back - The QF Security Round" Live now - DAdvisoor is with Griff Green to discuss the QF Security round on Giveth!

Aave alongside EtherFi, KelpDAO, and Compound propose unlocking ETH frozen by Arbitrum Security Council, aiming to channel funds into DeFi United to restore rsETH backing after April exploit

The Ethereum Security QF Round is live - support the people and projects securing Ethereum and its L2s. 500 ETH in matching from the dao fund!

Total stats

How to Earn

Security researcher Doyeon Park disclosed a 0-day vulnerability in the Cosmos consensus layer. It is a CVSS 7.1 severity issue that can cause nodes to stall during the block synchronization phase.

More coverage

Explore the topic

More on Security

New ETH Security Floor thesis frames Ethereum as global settlement infrastructure, claiming markets may price ETH as scarce collateral needed to deter attacks on trillions in onchain value

Security researcher Vladimir S. outlines advanced iPhone hardening tactics, warning Pegasus-style spyware and AI-powered trojans are targeting iOS users

Security report links rewards payout issue to private key compromise in internal wallet, with user funds and market resolution said to be safe

"Giveth SomETHing Back - The QF Security Round" Live now - DAdvisoor is with Griff Green to discuss the QF Security round on Giveth!

Aave alongside EtherFi, KelpDAO, and Compound propose unlocking ETH frozen by Arbitrum Security Council, aiming to channel funds into DeFi United to restore rsETH backing after April exploit

The Ethereum Security QF Round is live - support the people and projects securing Ethereum and its L2s. 500 ETH in matching from the dao fund!

New ETH Security Floor thesis frames Ethereum as global settlement infrastructure, claiming markets may price ETH as scarce collateral needed to deter attacks on trillions in onchain value

Security researcher Vladimir S. outlines advanced iPhone hardening tactics, warning Pegasus-style spyware and AI-powered trojans are targeting iOS users

Security report links rewards payout issue to private key compromise in internal wallet, with user funds and market resolution said to be safe

"Giveth SomETHing Back - The QF Security Round" Live now - DAdvisoor is with Griff Green to discuss the QF Security round on Giveth!

Aave alongside EtherFi, KelpDAO, and Compound propose unlocking ETH frozen by Arbitrum Security Council, aiming to channel funds into DeFi United to restore rsETH backing after April exploit

The Ethereum Security QF Round is live - support the people and projects securing Ethereum and its L2s. 500 ETH in matching from the dao fund!

Comments

Total stats

How to Earn