4 matches found
GO-2025-4236 Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration in github.com/babylonlabs-io/finality-provider
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration in github.com/babylonlabs-io/finality-provider...
EUVD-2025-203111
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration...
GHSA-4JMP-X7MH-RGMR Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
Summary The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact If the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
Summary The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact If the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...