All in Bits, a software development company in the Cosmos ecosystem, published a post detailing why the Cosmos Hub Liquidity Staking Module (LSM) has serious security issues. The reasons it gives include:
Most of the LSM code was written by North Korean developers;
LSM is not an independent module, but a set of modifications to the existing staking, allocation, and slashing modules, which may affect all staked ATOMs;
Vulnerabilities that allow slashing circumvention still exist;
19 months of unaudited code changes;
Major misrepresentations by Zaki Manian and Iqlusion;
ICF, Stride Labs, and Informal Systems lack transparency.
All in Bits makes the following recommendations:
Immediately fix the main staking vulnerability of LSM;
Immediate, comprehensive LSM audit;
Fully disclose the timeline of investigations involving North Korean developers;
ICF-related party blacklist;
New audit and oversight protocols for ICF-funded projects.