Why is non-determinism a critical check for Cosmos chains?

Non-deterministic code causes validators to produce different state roots for the same block, leading to immediate consensus failure and chain halts.

How does the skill handle ABCI method analysis?

It reviews BeginBlocker and EndBlocker implementations for unbounded iterations and panic-prone operations that could crash the validator network.

What specific Cosmos vulnerabilities does this skill detect?

It scans for nine critical patterns including non-deterministic map iteration, ABCI panics, incorrect signers, rounding errors, and improper IBC packet validation.

Can this skill be used for both Go and Rust codebases?

Yes, it supports both Cosmos SDK modules written in Go and CosmWasm smart contracts written in Rust.

Cosmos Vulnerability Scanner

Name: Cosmos Vulnerability Scanner
Author: fjor1025

byfjor1025

0•

Security & Testing

Identifies consensus-critical vulnerabilities and security flaws in Cosmos SDK modules and CosmWasm smart contracts to prevent chain halts and fund loss.

This skill provides a specialized security framework for auditing Cosmos-based blockchains and CosmWasm smart contracts. It systematically identifies nine critical vulnerability patterns—such as non-deterministic map iterations, improper ABCI method implementations, and signature validation errors—that can lead to chain halts or financial loss. By integrating platform-specific detection for Go and Rust codebases, it assists developers in performing pre-launch assessments, investigating consensus failures, and ensuring deterministic execution across validator nodes.

Key Features

01Analyzes ABCI methods for panic risks, unbounded loops, and computational complexity

02Detects non-deterministic patterns like unordered map iterations and platform-dependent types

030 GitHub stars

04Audits CosmWasm contracts for reentrancy, reply handling, and denom validation

05Validates Cosmos SDK message handlers and GetSigners implementation logic

06Provides actionable remediation steps and code examples for identified vulnerabilities

Use Cases

01Investigating the root cause of production blockchain incidents or state divergences

02Pre-launch security assessments to prevent validator consensus failures and chain halts

03Performing comprehensive security audits of custom Cosmos SDK modules and chain logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework cosmos-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill