
cosmos-vulnerability-scanner skill


This skill scans Cosmos SDK chains for consensus vulnerabilities and helps auditors identify non-determinism, incorrect signers, panics, and rounding errors.

npx playbooks add skill plurigrid/asi --skill cosmos-vulnerability-scanner


Files (1): SKILL.md (1.6 KB)
---
name: cosmos-vulnerability-scanner
description: Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. Use when auditing Cosmos chains or CosmWasm contracts. (project, gitignored)
category: building-secure-contracts
author: Trail of Bits
source: trailofbits/skills
license: AGPL-3.0
trit: -1
trit_label: MINUS
verified: true
featured: false
---

# Cosmos Vulnerability Scanner Skill

**Trit**: -1 (MINUS)
**Category**: building-secure-contracts
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. Use when auditing Cosmos chains or CosmWasm contracts. (project, gitignored)

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 7. Propagators

**Concepts**: propagator, cell, constraint, bidirectional, TMS

### GF(3) Balanced Triad

```
cosmos-vulnerability-scanner (−) + SDF.Ch7 (○) + [balancer] (+) = 0
```

**Skill Trit**: -1 (MINUS - verification)


### Connection Pattern

Propagators flow constraints bidirectionally. This skill propagates information.

Overview

This skill scans Cosmos SDK blockchains and CosmWasm artifacts for nine consensus-critical vulnerabilities, including non-determinism, incorrect signers, ABCI panics, and rounding errors. It is designed for auditors and developers who need targeted, automated checks to find issues that can break consensus or cause forks. The scanner focuses on analysis that complements manual review and fuzzing.

How this skill works

The scanner inspects chain state transitions, transaction execution paths, and contract bytecode to detect patterns that lead to consensus divergence or runtime crashes. It runs static checks and lightweight dynamic probes to flag non-deterministic operations, signer mismatches, panic-prone ABCI handlers, and numeric rounding problems. Results are organized as prioritized findings with traces and reproduction hints to speed remediation.
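The non-determinism check described above is the easiest of the four classes to illustrate with a concrete static rule. The Go program below is an added example, not Trail of Bits' scanner and not code from any Cosmos chain: it parses and type-checks a constructed keeper-style module (`sampleSrc`, which is made up for this example), flags every `range` loop whose operand has a map type (Go randomizes map iteration order per process, so any logic that depends on visit order can diverge between validators), and shows the canonical hardened form, which iterates over sorted keys instead. The `Finding` struct, `ScanMapRange`, `SortedKeys` and `TotalUntilLimitDeterministic` are names chosen for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"sort"
)

// sampleSrc is a constructed module for this example, not code from a real chain.
// TotalUntilLimit ranges over a map and exits early, so its result depends on the
// (randomized) iteration order and two validators can compute different totals.
// Sum ranges over a slice and is deterministic; the scanner must not flag it.
const sampleSrc = `package keeper

type Balances map[string]int64

func TotalUntilLimit(b Balances, limit int64) int64 {
	var total int64
	for _, v := range b {
		if total+v > limit {
			break
		}
		total += v
	}
	return total
}

func Sum(vals []int64) int64 {
	var total int64
	for _, v := range vals {
		total += v
	}
	return total
}
`

// Finding is one scanner hit: the enclosing function, the source line and the rule.
type Finding struct {
	Func string
	Line int
	Kind string
}

// ScanMapRange type-checks src (which must be import-free, since no importer is
// configured) and reports every range statement over a map-typed operand.
func ScanMapRange(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{
		Types: map[ast.Expr]types.TypeAndValue{},
		Uses:  map[*ast.Ident]types.Object{},
		Defs:  map[*ast.Ident]types.Object{},
	}
	conf := types.Config{}
	if _, err := conf.Check("keeper", fset, []*ast.File{f}, info); err != nil {
		return nil, err
	}
	var findings []Finding
	for _, decl := range f.Decls {
		fn, ok := decl.(*ast.FuncDecl)
		if !ok || fn.Body == nil {
			continue
		}
		ast.Inspect(fn.Body, func(n ast.Node) bool {
			rs, ok := n.(*ast.RangeStmt)
			if !ok {
				return true
			}
			// Underlying() sees through named types such as Balances.
			if t := info.TypeOf(rs.X); t != nil {
				if _, isMap := t.Underlying().(*types.Map); isMap {
					findings = append(findings, Finding{
						Func: fn.Name.Name,
						Line: fset.Position(rs.Pos()).Line,
						Kind: "map-range",
					})
				}
			}
			return true
		})
	}
	return findings, nil
}

// SortedKeys collects the keys and sorts them, so the only map iteration left
// has no order-dependent effect and every validator visits entries identically.
func SortedKeys(b map[string]int64) []string {
	keys := make([]string, 0, len(b))
	for k := range b {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// TotalUntilLimitDeterministic is the hardened form of the flagged function.
func TotalUntilLimitDeterministic(b map[string]int64, limit int64) int64 {
	var total int64
	for _, k := range SortedKeys(b) {
		if total+b[k] > limit {
			break
		}
		total += b[k]
	}
	return total
}

func main() {
	findings, err := ScanMapRange(sampleSrc)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s:%d %s: iteration order is not consensus-safe\n", f.Func, f.Line, f.Kind)
	}
	b := map[string]int64{"c": 20, "a": 5, "b": 10}
	fmt.Println("deterministic total:", TotalUntilLimitDeterministic(b, 20))
}
```

The rule is deliberately narrow: ranging over a map is only a finding when the loop body has order-dependent effects (early exit, accumulation into ordered output, first-match selection), so a production scanner would pair this check with the reproduction trace the page mentions rather than reporting every map loop at the same severity. The same `go/types` walk extends to the other classes named above, for example flagging calls into `time.Now`, `math/rand` or float arithmetic inside ABCI handlers.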

When to use it

  • Before and during security audits of Cosmos SDK chains or CosmWasm contracts
  • When validating network upgrades or migration paths that could introduce consensus changes
  • As part of CI for contract or module development to catch consensus-critical issues early
  • After fuzzing or stress testing, to triage failures that may indicate gaps in determinism

Best practices

  • Run the scanner against a realistic state snapshot to surface environment-dependent non-determinism
  • Combine scanner findings with targeted unit tests and determinism fuzzing for high-confidence fixes
  • Prioritize fixes that can cause forks or liveness failures (signer checks, panics, rounding) before lower-severity issues
  • Document and lock runtime-critical parameters (serialization formats, RNG seeding, math libraries) to reduce false positives
  • Integrate the tool in CI to catch regressions before network deployment

Example use cases

  • Auditing a Cosmos chain upgrade to ensure new code paths remain deterministic across validators
  • Reviewing CosmWasm contracts prior to mainnet deployment to detect signer and rounding edge cases
  • Triaging intermittent consensus failures by correlating runtime traces with scanner-detected risky patterns
  • Pre-release checks for modules that modify ABCI handlers or consensus-critical serialization

FAQ

Can this tool fix issues automatically?

No. The scanner flags and explains issues with traces and reproduction hints, but fixes require developer intervention and review.

Does it replace full security audits and fuzzing?

No. It complements manual audits and fuzzing by targeting a specific class of consensus-critical issues; use it alongside other testing tools.