Open bytes032 opened 8 months ago
Some audits on Cosmos projects https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Message spoofing:
Going through this right now and writing up notes. Specific findings on previous audits seem useful because of the context of the issues. Zellic and Halborn both have Cosmos SDK audits. https://drive.google.com/file/d/1TjLkNn9MobjGTupukJBxnpxr0DKvj_6V/view and https://drive.google.com/file/d/1F7RHWukeEcjUrA5P2BS3AYsttjYvQaw8/view?usp=sharing.
These folks are assumed to be one of the best auditors in the Cosmos space? https://github.com/informalsystems/audits
Informal Systems does a good job on these. IBC and EVMOS are two of the most important things in the Cosmos SDK library. Axelar is a very large project as well.
Actually, the Zellic audit of Zetachain is pretty fantastic as well.
Adding Axelar https://github.com/axelarnetwork/audits
Should we be doing thorough explanations of these bugs or just linking other audits? Currently, this is what I've been doing:
The ZetaSent event is emitted by the EVM by the Connector contract; originator was not validated or checked in this case. The contract should have checked that the sender was the Connector contract. Or could do a combination of both too. Write out the previous audits of Zetachain thoroughly and a few other impactful ones then just link to a large amount of other audits.
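As an added illustration of the finding described above (this is example code written for this thread, not ZetaChain's contracts, observer, or any audit's code), here is a toy Go observer that decodes ZetaSent logs. OriginatorUnchecked mirrors the issue, accepting the originator from any contract that emits an event with that name; OriginatorChecked requires the emitting address to be the Connector contract first. The EvmLog shape, the Connector address and the sample logs are all constructed placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// EvmLog is a simplified model of a decoded EVM event log: the contract that
// emitted it, the event name, and one decoded field. Constructed for this
// example; it is not ZetaChain's type.
type EvmLog struct {
	Emitter    string // address of the contract that emitted the log
	EventName  string
	Originator string // the "originator" field carried in the event data
}

// Observer holds the single address whose ZetaSent events are trusted.
type Observer struct {
	ConnectorAddr string
}

var ErrUntrustedEmitter = errors.New("ZetaSent emitted by a non-Connector contract")

// sameAddr compares hex addresses case-insensitively.
func sameAddr(a, b string) bool { return strings.EqualFold(a, b) }

// OriginatorUnchecked reflects the finding: any contract can emit an event
// named ZetaSent, and the originator it carries is accepted as-is.
func (o Observer) OriginatorUnchecked(l EvmLog) (string, error) {
	if l.EventName != "ZetaSent" {
		return "", fmt.Errorf("not a ZetaSent event: %s", l.EventName)
	}
	return l.Originator, nil
}

// OriginatorChecked is the hardened form: the log must come from the
// Connector contract before its originator is trusted.
func (o Observer) OriginatorChecked(l EvmLog) (string, error) {
	if l.EventName != "ZetaSent" {
		return "", fmt.Errorf("not a ZetaSent event: %s", l.EventName)
	}
	if !sameAddr(l.Emitter, o.ConnectorAddr) {
		return "", fmt.Errorf("%w: emitter %s", ErrUntrustedEmitter, l.Emitter)
	}
	return l.Originator, nil
}

// FilterTrusted applies the hardened check over a batch of decoded logs,
// returning the originators that pass and how many logs were rejected
// specifically for coming from the wrong emitter.
func (o Observer) FilterTrusted(logs []EvmLog) (accepted []string, rejected int) {
	for _, l := range logs {
		orig, err := o.OriginatorChecked(l)
		if err != nil {
			if errors.Is(err, ErrUntrustedEmitter) {
				rejected++
			}
			continue
		}
		accepted = append(accepted, orig)
	}
	return accepted, rejected
}

// ConnectorAddr is a constructed placeholder, not a real deployment address.
const ConnectorAddr = "0x000000000000000000000000000000000000c0de"

// SampleLogs is a constructed batch: one genuine ZetaSent from the Connector,
// one ZetaSent emitted by an unrelated contract, and one unrelated event.
func SampleLogs() []EvmLog {
	return []EvmLog{
		{Emitter: ConnectorAddr, EventName: "ZetaSent", Originator: "0xAlice"},
		{Emitter: "0x000000000000000000000000000000000000beef", EventName: "ZetaSent", Originator: "0xAlice"},
		{Emitter: ConnectorAddr, EventName: "Transfer", Originator: ""},
	}
}

func main() {
	o := Observer{ConnectorAddr: ConnectorAddr}
	for _, l := range SampleLogs() {
		u, _ := o.OriginatorUnchecked(l)
		c, err := o.OriginatorChecked(l)
		fmt.Printf("emitter=%s unchecked=%q checked=%q err=%v\n", l.Emitter, u, c, err)
	}
}
```

The second sample log is the case the finding is about: an event with the right name and a plausible originator, but emitted by a contract the observer has no reason to trust. Filtering on the emitter address is what turns "any contract can say ZetaSent" into "only the Connector can".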
WTF, the Halborn audit is private now... I was literally reading this last week. Hmmm.
really up to you, perhaps you can try both just for a sample and then we figure which one we want to stick with
Cool, I'm down for that.
Inter-blockchain communication (IBC) error handling issues: https://jumpcrypto.com/writing/huckleberry-ibc-event-hallucinations/
CosmWasm stack overflow: https://jumpcrypto.com/writing/stop-the-chain-cosmwasm-stack-overflow/
Double voting on Celer: https://jumpcrypto.com/writing/election-fraud-double-voting-in-celers-state-guardian-network/
Inter-blockchain communication (IBC) lack of channel verification: https://jumpcrypto.com/writing/preventing-airdrop-theft-on-stride-an-ibc-integration-vulnerability/
Misunderstanding how the ante handler works to bypass gas checks: https://jumpcrypto.com/writing/bypassing-ethermint-ante-handlers/
Oak Security audit for Cosmos this year: https://github.com/oak-security/audit-reports/blob/master/Cosmos/2023-06-23%20Audit%20Report%20-%20Cosmos%20Interchain%20Security%20v1.0.pdf
Zellic Auditor Alpha:
but for Cosmos specifically, I'd recommend finding as many audit reports as you can, blog posts, articles, etc., and building a common base of knowledge for Cosmos. Messages in Cosmos are similar to external functions in Solidity, for example, so you can start building a security model based off of that. How are message callers and arguments validated? Ensure that privileged messages can't be called by anyone, ensure that each argument is validated as needed, etc.
It's a lot, so I don't have specific resources in mind, but yeah, I'd read through blog posts, audit reports, and anything else you can find on Cosmos hacks.
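To make the "messages are like external functions" model concrete, here is an added Go example (written for this thread, not code from the Cosmos SDK or from any project mentioned here). It models the SDK pattern without importing it: a Msg interface with ValidateBasic for stateless argument checks, a Signer that the ante-handler layer matches against the transaction signer, and a keeper whose privileged MsgUpdateParams is gated on a module authority. The type names follow SDK conventions in spirit, but Keeper, Handle, isAddr and the placeholder accounts are all assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Msg is the analogue of a Solidity external function: an entry point any
// account can submit in a transaction. Simplified model, not the SDK's type.
type Msg interface {
	ValidateBasic() error // stateless checks on the arguments
	Signer() string       // account that must have signed the tx
}

// MsgTransfer is unprivileged, but every argument still needs validation.
type MsgTransfer struct {
	From, To string
	Amount   int64
	Denom    string
}

func (m MsgTransfer) Signer() string { return m.From }

func (m MsgTransfer) ValidateBasic() error {
	if !isAddr(m.From) || !isAddr(m.To) {
		return errors.New("transfer: malformed address")
	}
	if m.Amount <= 0 {
		return errors.New("transfer: amount must be positive")
	}
	if m.Denom == "" {
		return errors.New("transfer: empty denom")
	}
	return nil
}

// MsgUpdateParams is privileged: only the module authority may execute it.
type MsgUpdateParams struct {
	Authority string
	MaxFee    int64
}

func (m MsgUpdateParams) Signer() string { return m.Authority }

func (m MsgUpdateParams) ValidateBasic() error {
	if !isAddr(m.Authority) {
		return errors.New("update params: malformed authority")
	}
	if m.MaxFee < 0 {
		return errors.New("update params: negative max fee")
	}
	return nil
}

var (
	ErrSignerMismatch = errors.New("tx signer does not match message signer")
	ErrUnauthorized   = errors.New("unauthorized")
)

// Keeper is module state plus the one account allowed to change params.
type Keeper struct {
	authority string
	balances  map[string]int64
	maxFee    int64
}

func NewKeeper(authority string, genesis map[string]int64) *Keeper {
	k := &Keeper{authority: authority, balances: map[string]int64{}}
	for a, b := range genesis {
		k.balances[a] = b
	}
	return k
}

// Handle plays both layers: the ante-handler check that the tx was signed by
// the account the message names, then the msg server's own argument and
// authority checks, all before any state is touched.
func (k *Keeper) Handle(signedBy string, m Msg) error {
	if err := m.ValidateBasic(); err != nil {
		return err
	}
	if signedBy != m.Signer() {
		return fmt.Errorf("%w: signed by %s, message names %s", ErrSignerMismatch, signedBy, m.Signer())
	}
	switch msg := m.(type) {
	case MsgUpdateParams:
		if msg.Authority != k.authority { // the privileged-caller check
			return fmt.Errorf("%w: %s is not the module authority", ErrUnauthorized, msg.Authority)
		}
		k.maxFee = msg.MaxFee
	case MsgTransfer:
		if k.balances[msg.From] < msg.Amount {
			return errors.New("transfer: insufficient funds")
		}
		k.balances[msg.From] -= msg.Amount
		k.balances[msg.To] += msg.Amount
	default:
		return fmt.Errorf("unknown message type %T", m)
	}
	return nil
}

func (k *Keeper) Balance(addr string) int64 { return k.balances[addr] }
func (k *Keeper) MaxFee() int64            { return k.maxFee }

// isAddr is a constructed stand-in for real bech32 address validation.
func isAddr(s string) bool { return strings.HasPrefix(s, "cosmos1") && len(s) >= 12 }

// Constructed placeholder accounts, not real addresses.
const (
	Authority = "cosmos1moduleauthority"
	Alice     = "cosmos1alice0000"
	Bob       = "cosmos1bob000000"
)

func main() {
	k := NewKeeper(Authority, map[string]int64{Alice: 100})
	fmt.Println(k.Handle(Alice, MsgUpdateParams{Authority: Alice, MaxFee: 5}))                    // unauthorized
	fmt.Println(k.Handle(Alice, MsgTransfer{From: Alice, To: Bob, Amount: 40, Denom: "uatom"})) // <nil>
}
```

The two questions from the advice map onto two checks here: "who can call this?" is the authority comparison in the MsgUpdateParams branch (plus the signer match that stops someone from merely naming the authority in the message), and "are the arguments validated?" is ValidateBasic plus the stateful balance check. Reviewing a real module means confirming both exist for every message, not just the obviously privileged ones.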
Quantumbrief audit for zetachain: https://drive.google.com/file/d/1N9JLdYaq6_gyruMrRDrrrl-JUHANQrI5/view
Veridise audit for zetachain: https://drive.google.com/file/d/1ZOaVqXRPoYXPG2m1hSKvizhlbo29j4TJ/view
Halborn cosmos audits: https://github.com/HalbornSecurity/PublicReports/tree/master/Cosmos%20Audits
Zellic cosmos audits: https://github.com/Zellic/publications
I think the deliverables/action points of this should be something like: