Security Researcher Discloses Critical Cosmos CometBFT 0-day Vulnerability
2026-04-21 13:07
Odaily News: Security researcher Doyeon Park posted on X, disclosing a 0-day vulnerability in the Cosmos consensus layer (CometBFT). The vulnerability has a CVSS severity rating of 7.1 (High) and could cause nodes within the Cosmos ecosystem to stall during the block synchronization phase, although direct asset theft is not feasible. The ecosystem secures assets exceeding $80 billion. The researcher followed the Coordinated Vulnerability Disclosure (CVD) process to ensure ecosystem security; however, due to the vendor's lack of cooperation and irresponsible decision-making, the researcher proceeded with disclosure based on the vendor's final decision.
