Osmosis: Updates from the Lab 🧪

Recorded: Oct. 19, 2022 Duration: 0:26:21

Player

Snippets

Hello, hello everyone, we'll be starting in just a couple minutes.
Hey everyone, this is WaterCenter. I'm just hopping in. I'm gonna take over for today. Errant's a little bit busy.
As Sunnys said, we're just gonna wait for a second, get a little more people in here and then kick off some updates.
Okay, ready to go. Alright, awesome. Yeah, I just wanted to say hi to everyone. It's October 19th. We're coming back with another updates from the lab. Last time we were here
We had a little bit of talk about the V12 updates and the features that came with that. We had a Cosmoverse recap and a hack wasm recap. So right now, just gonna see what you have for us, Sonny. What's coming up and what's on the agenda and what can we look forward to? Yeah.
So, you know, last one week, last one and a half weeks has been a little bit of a crazy roller coaster for us. So, as people may have heard, there was a big, finance hack that happened about two weeks ago.
And, you know, we were always, so we were, you know, it didn't affect IBC, the bug that was in the Binance attack, but what we, you know, we were a little bit like, you know, concerned where we, because so, you know, Binance was using
the lot of the cosmos software, right? Like they are their main chain is running using the cause of SSTK and then they built sort of their own custom bridge between so they have you know, violence has two chains right they have their Cosmos SDK based chain called
And then there's like they have BSC with or I think they've now named it to be in B chain I think but like I'm gonna call it BSC because it's the name of used to so they have BSC which is a separate chain a EVM chain and they basically built their own Like light client bridge between by dance chain and BSC
and they were using like proofs, like you know, cosmos-based proofs. They weren't using the IBC protocol, but they were using like a lot of our libraries and there was a, you know, they were using a library that was like not meant to be like, you know, we
Yeah, it had a bug in it so that caused that issue and that was problematic And so that's why you know we spent a lot of time looking at IBC to make sure IBC was not vulnerable to this and it turns out IBC was not vulnerable to that bug but We were like okay, let's like you know sit down and like spend a couple days like really pouring through
through this code in IBC and a couple people from our team found a separate vulnerability in IBC that we sort of sounded some alarm bells to other core cause resisted K core developers.
You know, we all evaluated and realized, oh, yep, this is actually a major issue. And so we sort of had this process where we help roll out security patches to over 50 chains in less than a couple days. So that was definitely a

FAQ on Osmosis: Updates from the Lab 🧪 | Twitter Space Recording

When did the podcast take place?
The podcast took place on October 19th.
Who is taking over for Errant in the podcast?
Watercenter is taking over for Errant in the podcast.
What was discussed in the previous podcast episode?
In the previous podcast episode, there was discussion about the v12 updates, Cosmoverse recap, and Hack Wasm recap.
What major hack happened recently and who was affected?
The Binance hack happened recently, and Binance was affected.
Did the Binance hack affect the IBC protocol?
No, the Binance hack did not affect the IBC protocol.
What library was Binance using that had a bug and caused the hack?
Binance was using a library that was not meant to be used, which had a bug and caused the hack.
Did the IBC protocol have any vulnerabilities found during the investigation?
Yes, a vulnerability was found in the IBC protocol during the investigation.
How many chains were affected by the vulnerability found in the IBC protocol?
Over 50 chains were affected by the vulnerability found in the IBC protocol.
How long did it take for the security patches to be rolled out to the affected chains?
The security patches were rolled out to over 50 chains in less than a couple of days.
Who evaluated and confirmed the vulnerability found in the IBC protocol?
Core Cosmos SDK developers evaluated and confirmed the vulnerability found in the IBC protocol.