This post announces a vulnerability we discovered in CosmWasm, a smart contract platform written for the Cosmos ecosystem. The vulnerability was a stack overflow, which would have allowed users who can upload new smart contracts on Cosmos-based blockchains to halt those chains fully.
Jump Crypto aims to boost security assurance across the crypto ecosystem through ongoing research and coordinated disclosure to identify and patch vulnerabilities across various projects. This announcement is yet another example of how we continue these efforts.
You can find more details about this vulnerability in our markdown advisory or the .
We would like to thank the CosmWasm contributors and the downstream-affected Cosmos L1s for their professional handling of this issue and quick adoption of the patch. Thanks to their partnership, this bug was addressed without any user impact.
