Osmosis v9 Post-Upgrade Downtime Incident - Preliminary Report

Osmosis recently (today/yesterday) upgraded to v9 (version is v9.0.0

The details are as follows, but not the focus of this article

https://www.mintscan.io/osmosis/proposals/252

Vulnerabilities were discovered and reported after the upgrade, so verify people proactively shut down

Quoting Junønaut tweet:

https://twitter.com/TheJunonaut/status/1534402698556190726

A critical bug has been found on $OSMO / @OsmosisZone

which could have potentially drained all liquidity pools.

It has been discovered after a post on the subreddits /r/CosmosNetwork and /r/OsmosisLab.

The chain was halted under immediate emergency to avoid further damage.

Critical software vulnerability has been discovered

This hole can be used to drain all flow cells

The vulnerability was discovered by someone posting on the subreddit

The chain operation was intentionally suspended to prevent any further losses

More information

• Someone has successfully used this vulnerability (see the follow-up of the above tweet
• Vulnerability fixed but still to be tested - source tweet
• Post-mortem analysis, compensation, etc. need to wait until the network restarts

There is enough new news to integrate new articles~