Acquista Criptovalute
Paga con
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Mercati
Trading
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Opzioni
Hot
Trade European-style Vanilla Options
Conto unificato
Massimizza l'efficienza del tuo capitale
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Guadagna
Lancia
CandyDrop
tag
Raccogli le caramelle per guadagnare airdrop
Launchpool
Staking rapido, guadagna potenziali nuovi token
HODLer Airdrop
Fai holding GT e ottieni enormi airdrop gratuitamente
Launchpad
Sii tra i primi per il prossimo grande progetto
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investimento
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
Altro
Promozioni
AI
Altro
TradFi
Rewards

ICL确认与朝鲜关联个人曾贡献于Cosmos代码库 其代码已移除且无遗留风险

GateNews
ATOM-0,75%

Gate News bot 消息,Interchain Labs(ICL)已确认,一名后来被确认与朝鲜有关联的个人在 2022 年至 2024 年期间受雇于前维护人员期间,曾为 Cosmos 代码库做出贡献。

这位 Cosmos 核心开发人员与安全联盟 (Security Alliance) 和 Asymmetric Research 合作发布了一份安全报告,证实该个人对两个代码库的访问权限有限:cosmos/IAVL 和 cosmos/cosmos-sdk。审查发现,在 SDK v2 取消后,他贡献的大部分代码已被弃用或从路线图中移除,独立审计未发现任何剩余风险或漏洞。

然而,为了提高透明度,ICL 将在下个月在 Cosmos HackerOne 页面上提供双倍赏金,奖励发现与该参与者的 GitHub 帐户“cool-develope”相关的任何符合条件的漏洞的人员。

具体而言,该个人从 2022 年年中到 2024 年 11 月,在 ICL 成立和 Cosmos 第三方维护模式结束之前,曾为前核心堆栈维护供应商工作。ICL 在一份声明中表示,在接管所有核心堆栈开发后,团队实施了新的安全和招聘协议,从而发现了这个问题,并阻止其进一步的贡献。同一人后来再次申请职位,但被标记并被拒绝。

ICL 表示,自 2 月份以来,它已对所有核心 Cosmos 存储库实施了全面的安全升级,包括撤销旧访问权限、重新许可所有贡献者、轮换凭证以及加强审计控制。

消息来源:The Block

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.
Commento
0/400
Nessun commento