Beijing time on November 12 evening, QOS core technical team as a chain circles long awaited Cosmos project test network member of major bugs found on gaia - 9001 version, QOS technology team to give a name to this vulnerability XYZ loopholes in the implementation code (found by the name of the core technology of the vulnerability of the), the hole lead to cut the steak tokens in circulation over 10 times, the system risk and destructive,


[/align]
The QOS of the technical team is how to find loopholes in XYZ implementation code? QOS CTO li jie said, mainly based on the team members to the Cosmos 0.26.1 - rc1 version source familiar with the subjects of Cosmos and the assurance of logic, shown in the figure mark the three steps below, by constructing a certain trigger condition, make the program only step 1 and step 2, step three, can be created, tokens,

Source file is github.com/cosmos/cosmos-sdk/x/auth/ante.go find bugs,



Code (found vulnerabilities screenshots)

In fact, for any public ecosystem chain, the tokens of the issuance and circulation is an important part of the operation of the ecological stability mainly through complete through the economic model, the QOS technology team found that this bug is belong to this category, in simple terms, the presence of this bug allowed to ignore the rules of the system to send tokens, each node, the result may lead to various nodes on the token sum is greater than the project itself is expected to total number of tokens, triggering system paralysis, it is for the whole project and ecological fatal blow,

XYZ implementation code holes once appeared last night just to paralyze the gaia - 9001 entire network, community in Cosmos has caused great attention and debate,



(community of screenshots)



So far, gaia - 9001 test network is still in the state of upgrade, originally scheduled for today for your steak contest (Game of Stakes, GoS) holes in the future and therefore time goes by, then head of the laboratory of Tendermint, feng yuan vc (Amino Capital) consultant, can connect pledge Alliance (Trusted IoT Alliance), executive director of Zaki Manian Sir, as a representative of the Cosmos's contribution to the QOS technology team to give you, said it would also give the QOS core technology team rewards, in addition, a number of community developers contributing to QOS technology team's thumb up and give their personal tokens, incentives,



(zaki positive screenshot)



(community other personal technology developers to praise and reward the screenshots, KAUCHY is one of the core technical team in the Cosmos community account QOS)

Cosmos is a network composed of block chain (Internet of Blockchains), it is the creation of the chain in order to solve some blocks the problems existing in the community for a long time, the Cosmos by different independent network, parallel block chains, chain of each of these blocks are run through a classic Byzantine fault tolerance for example Tendermint consensus, interoperability, scalability, scalability, and so on have great breakthrough,

QOS CTO li jie said, QOS technology team to further study the entire Cosmos technical architecture as well as the economic model, also learn from a lot of Cosmos in the division, cross chain on issues such as handling, although the QOS and Cosmos adopted engine Tendermint consensus, but the QOS on the business scenario with the Cosmos or is there a big difference, two projects on technical orientation and architecture have different characteristics and emphasize particularly on, but there are also Shared, worth learning from each other, the QOS technology team are also apply for verification of the Cosmos node, try to do more on the technical level of communication and the exchange,