My Interchain Year-End Recap 2024

2024 has been a transformative year for the Interchain ecosystem, with significant progress made in cross-chain interoperability, security, and developer experience. As we close out the year, I want to reflect on some of the key developments that have shaped our journey. The Interchain ecosystem has seen tremendous growth in protocol-to-protocol communications, with IBC reaching new milestones in transaction volume and chain integrations. Developer tooling has improved drastically, making it easier than ever to build and deploy cross-chain applications.

Read Full Article →

Projects

Interchain (Tooling)

- Spawn: Scaffold Cosmos Networks

- Cosmos Proof of Authority

- Local-Interchain Dev Env

Proud of

- Docci: markdown testing engine

- Ondo: Stocks on Chain | [article]

- WAVS: Wasi AVS Components

- Eigenlayer <> Cosmos PoA

- Shielded ERC20 for Central Bank of Brazil

Interchain (Node / Ops)

- Cosmos RPC+REST Node Cache

- Generic Chain Indexer

- Airdrop Tools & Utils

- Auto NFT Snapshots

Legacy

- ICF Dev Portal Docssite

- Interchain Spaces Archive

- EVNT Minecraft Train

Past Experience

Full Development

2024 - Strangelove / Ondo ( Spawn, Local-IC, Ethos, Ondo Finance )
2022 - Juno Network ( Smart Contract Platform, CosmWasm Integration )
2022 - Craft Economy ( Integration, NFT Platform, Marketplace )
2021 - EVNT (1,150 players) ( Gaming Platform (1,150 players) )
2020 - EventMC (650) ( Gaming Infrastructure (650 players) )
2020 - Spifey (350+) ( Gaming Services (350+ players) )

Security Findings

Permission Bypass in Noble, Stride, Neutron, CosmosHub, and Sei Network

December 1st, 2023; I reported an issue to John @ Noble a security issue that allowed anyone to bypass their IsBlacklisted and IsPaused logic via nested authz messages. I further found this affected the Interchain security module as well for Stride and Neutron which was fixed as well after proper discloser to the Informal team. It further affected Sei Network (with their ACL admin priority of execution).

Packet-Forward DoS Halt

October 11th, 2023; I found a high-severity vulnerability affecting affecting the packet-forward-middleware v7.0.0 release I found, migrated, and distributed the patch to 6 networks within just 24 hours of discovery. The swift actions ensured no networks were able to be exploited accidentally or maliciously.

CosmWasm DoS Halt

Q1 2023; I identified a Security issue in the cosmwasm/wasmd blockchain repo, allowing bad actors to halt the chain of any cosmwasm network. If funds are removed from the distribution module without their special message, the chain's state machine throws an invariance if checked. CosmWasm failed to properly check if its governance instantiate & execute functions deny funds movement from this account, allowing attackers to submit valid proposals to move funds to their contract and use x/crisis module to halt the network after taking funds. This issue was patched in the Juno Network v12.0.0 mainnet upgrade, with other chains using my patch shortly following.

Robinhood Clearing House

2020; I decided to participate in Robinhood's Bug Bounty program. After learning how a clearing house works, I decided to come up with possible ways to break it for user benefit. With Robinhoods addition of Fractional shares trading, I was able to exploit their fractional rounding which lead to 33-66% discounts on all public stocks through their web platform. With this, I was awarded for finding the bug via their HackerOne.

Reece

Principal Software Engineer, Cosmos-SDK, Ethereum, DevEx

My Open-Source Work Log