Since the end of Phase 3 of Game of Zones, the GoZ team has been evaluating technical details of the numerous attacks carried out to push the limits of the IBC security model.
During Phase 3 of the competition, the goal was for participants to adopt an attacker’s mindset and attack the network layer of the hub. This phase was designed to educate network operators about risk by surfacing security vulnerabilities and rooting out opportunistic attacks that might be possible if a node or zone is not monitored or configured to be safe by default. As expected, we saw a plethora of incredible attacks across the competition hub, and we were amazed by the creativity and persistence of participants.
The winner of Phase 3 of GoZ is P2P.org, who will receive 6,250 ATOM for their outstanding performance in creating a deceptive rootchain and a double spend via double sign attack for the third phase of the competition. Their approach to attacking an IBC-enabled network demonstrated that the best way to steal coins from a user is to do so subtly. Their subtle mechanism to steal coins implemented minted unredeemable coins, and their successful attack and technical Proof-of-Concept documents this well.
There are countless incredible write ups and contributions that have gone a long way to expand what we know about protecting an IBC-enabled network, such as these:
- Agoric developed a Smart Relayer for IBC and a demo video.
- Iris created a deceptive state machine, and a demo to show how it works.
- Regen Network devised a way to mint fake tokens and to invade a zone to drain its reserves.
The most important goal of Game of Zones is to prepare network operators for the entirely new set of abstractions that will come when IBC is production ready. It has been incredible to see participants and the overall community rise to this challenge, especially since this phase will undoubtedly improve the security and shared knowledge around running a safe, secure hub. Congratulations to everyone who successfully completed Phase 3 of Game of Zones!
goz.cosmosnetwork.dev 