Post Mortem: Ethermint Security Vulnerability and Evmos’ Swift Response

Evmos, published in The Evmos Blog, Apr 13, 2023

The Evmos Core Development team recently addressed a notable vulnerability in Ethermint, after being contacted by the security team at Jump Crypto. Ethermint is employed by many chains across the ecosystem and enables developers to harness Ethereum’s strengths while leveraging Cosmos’ interoperability. Ensuring its stability and security is essential.

The disclosed vulnerability would have allowed an attacker to bypass specific protocol handlers, leading to transaction fee theft and denial of service. The Evmos team acted promptly, collaborating with Jump Crypto and the Cronos team to implement a patch, effectively eliminating the attack vector and securing the many affected chains.

The Evmos Core Development team’s swift response and collaboration with other teams ensured that no malicious exploitation occurred, and the Cosmos ecosystem’s stability and reliability were maintained. The Cronos team awarded Jump Crypto a $25,000 bounty for their discovery and disclosure of the vulnerability, which Jump Crypto generously donated to Médecins Sans Frontières (MSF), a globally impactful organization.

Ethermint enables Cosmos chains to utilize Ethereum smart contracts, providing a seamless integration of Ethereum’s capabilities within the Cosmos ecosystem. Evmos’ proactive approach in addressing the vulnerability highlights their dedication to providing a shared public good for the Cosmos ecosystem. The team efficiently coordinated with and applied the fix to more than five live networks currently leveraging Ethermint, demonstrating their ability to remediate problems quickly and effectively. The Evmos team’s expertise and rapid response to security vulnerabilities underscore their commitment to maintaining a secure and thriving Cosmos ecosystem.

The recent vulnerability highlights the importance of a collaborative approach to security and maintenance. We invite developers, security researchers, and the community at large to join us in building and maintaining Ethermint, a shared public good that benefits the entire Cosmos ecosystem. By working together, we can ensure that Ethermint remains a secure, reliable, and innovative platform for smart contracts and decentralized applications.

If you’re interested in the technical details of the vulnerability and its resolution, you can read Jump’s disclosure here.

About Evmos

Evmos is an EVM-compatible, IBC-enabled blockchain in the Cosmos ecosystem designed for cross-chain dApp development.

The Evmos Core Development Team is on a mission to create and ship the foundational tools necessary for building the cross-chain applications of the future. With groundbreaking roadmap features like EVM Extensions, the Evmos SDK, and the Evmos dApp Store, Evmos gives developers the freedom to take advantage of the IBC and connect their smart contracts to the Cosmos Ecosystem.

This revolutionary technology frees developers from the confines of today’s siloed blockchains.

The future is cross-chain.

Helpful Resources

💻 Developer Documentation: https://evmos.dev/

👾 Official Discord: https://discord.gg/evmos

🐙 GitHub: https://github.com/tharsis/evmos

🕊 Twitter: https://twitter.com/EvmosOrg

📯 Telegram: @EvmosOrg

📄 Medium: https://evmos.blog/

🖥 Evmos Website: https://evmos.org

🌋 Evmos Jobs Board: https://boards.eu.greenhouse.io/evmos

Evmos is the EVM stack for building natively cross-chain decentralized applications.

We encourage you to read the Evmos Manifesto and learn more about our plans to build a cross-chain future.

DISCLAIMER: None of this is financial advice. This content is strictly for educational purposes. It’s not investment advice or a solicitation to buy or sell any assets.
