2 matches found
GO-2024-2471 Chain halt panic in github.com/cometbft/cometbft
A vulnerability in CometBFT’s validation logic for VoteExtensionsEnableHeight can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a VoteExtensionsEnableHeight modification is passed, nodes...
Improper Input Validation
github.com/cometbft/cometbft is vulnerable to Improper Input Validation. The vulnerability is due to the ValidateUpdate function within params.go because there is no proper validation for the VoteExtensionsEnableHeight. This allows an attacker to potentially cause a chain halt when exploited...