Cosmos IBC Reentrancy Infinite Mint

In this article, we describe a vulnerability in ibc-go, the reference implementation of the Cosmos Inter-Blockchain Communication (IBC) protocol. A reentrancy vulnerability during the handling of timeout messages could have allowed an attacker to mint an infinite amount of IBC tokens on affected Cosmos chains.


Ethereum Log Confusion in Polygon's Heimdall

In this blog post, we describe a vulnerability in Heimdall, the validator software of the Polygon Proof-of-Stake (PoS) blockchain. This flaw, if exploited, could have allowed a rogue or compromised validator to take over the Heimdall consensus layer and inject fraudulent events into the StakeSync mechanism, a critical component of the Polygon PoS bridge, putting over $2B of crypto assets in the bridge at risk.