10 matches found
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
EUVD-2021-2140
Malware in sbrugna...
Authz Module Non-Determinism
Impact Consensus failure for 0.43.x and 0.44.0,1 users. Funds and balances are safe. Patches 0.44.2 Workarounds Manually patch the code. --- Full details posted in https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349...
Consensus Halt
github.com/cosmos/cosmos-sdk encounters a consensus halt. An attacker with the ability to send transactions on any chain with the authz module enabled can halt that chain using many Grants, with different but close expiration times as it uses non-deterministic behaviour in a ValidateBasic method ...
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
Authorization
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
CVE-2021-41135 Authz Module Non-Determinism
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
CVE-2021-41135
Summary: CVE-2021-41135 affects the Cosmos-SDK’s x/authz module where Grant.ValidateBasic() non-deterministically compares the grant expiration time to the node clock, enabling a chain with the authz feature enabled to halt via crafted transactions. This is reported for affected SDK versions, wit...
Cosmos-SDK 代码问题漏洞
Cosmos-SDK is a framework for building blockchain applications in Golang. Cosmos-SDK suffers from a code issue vulnerability that stems from non-deterministic behavior of the ValidateBasic method in the x/authz module in the software, and affected versions of the SDK are prone to consensus stoppi...