Vulnerability Report: GO-2024-2638
- GHSA-95rx-m9m5-m94v
- Affects: github.com/cosmos/cosmos-sdk
- Published: May 10, 2024
- Modified: May 20, 2024
The default ValidateVoteExtensions helper function infers total voting power based on the injected VoteExtension, which are injected by the proposer. If your chain utilizes the ValidateVoteExtensions helper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each validator it includes in the injected VoteExtension, which could have potentially unexpected or negative consequences on modified state. Additional validation on injected VoteExtension data was added to confirm voting power against the state machine.
For detailed information about this vulnerability, visit https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-95rx-m9m5-m94v.
Affected Packages
-
PathGo VersionsSymbols
-
from v0.50.0 before v0.50.5
Aliases
References
- https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-95rx-m9m5-m94v
- https://github.com/cosmos/cosmos-sdk/commit/4467110df40797ebe916c23ebfd45c9ee7583897
- https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.5
- https://vuln.go.dev/ID/GO-2024-2638.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.