60 matches found
EUVD-2025-16144
Malicious code in bioql PyPI...
GO-2025-3791 Babylon vulnerable to chain half when transaction has fees different than `ubbn` in github.com/babylonlabs-io/babylon
Babylon vulnerable to chain half when transaction has fees different than ubbn in github.com/babylonlabs-io/babylon...
GO-2025-3801 Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary in github.com/babylonlabs-io/babylon
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary in github.com/babylonlabs-io/babylon...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service DoS. The vulnerability is due to sending a message that modifies the validator set exactly at the epoch boundary, which allows an attacker to halt the blockchain by disrupting consensus progression...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service DoS. The vulnerability is due to the acceptance of transaction fees in denominations other than the native Babylon genesis denom ubbn, which allows an attacker to halt the blockchain by submitting such transactions...
Babylon vulnerable to chain half when transaction has fees different than `ubbn`
Summary Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by a error when sending fees from feeCollector to x/distribution module -...
GHSA-56J4-446M-QRF6 Babylon vulnerable to chain half when transaction has fees different than `ubbn`
Summary Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by a error when sending fees from feeCollector to x/distribution module -...
PT-2025-29193 · Go · Github.Com/Babylonlabs-Io/Babylon +1
Summary Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by a error when sending fees from feeCollector to x/distribution module -...
CVE-2010-5225
Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local users to gain privileges via a Trojan horse BESExtension.dll file in the current working directory, as demonstrated by a directory that contains a .bgl file. NOTE: some of these details are obtained from third party information...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service DoS. The vulnerability is due to an integer overflow due to depositing a large amount of tokens into the validator rewards pool, which triggers a panic in cumulative reward ratio calculation during the EndBlocker execution...
GO-2025-3686 Babylon Finality Provider `MsgCommitPubRandList` replay attack in github.com/babylonlabs-io/babylon
Babylon Finality Provider MsgCommitPubRandList replay attack in github.com/babylonlabs-io/babylon...
GO-2025-3687 Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt in github.com/babylonlabs-io/babylon
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt in github.com/babylonlabs-io/babylon...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the EndBlocker process. An attacker can cause the system to halt by triggering an integer overflow during the cumulative reward ratio calculation. Remediation Upgrade...
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt
Summary Minting large amount of tokens through ibc transfer and then depositing them in validator rewards pool via DepositValidatorRewardsPool message can lead to integer overflow panic when calculating cumulativerewardratio for the validator. This calculation happens in x/epoching module...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient validation in the MsgCommitPubRandList handler, combined with a lack of domain separation in signed messages. An attacker can store an invalid PubRand commitment by crafting the message parameters ...
GHSA-7MM3-VFG8-7RG6 Babylon Finality Provider `MsgCommitPubRandList` replay attack
Summary A high vulnerability exists in the Babylon protocol's x/finality module due to a lack of domain separation in signed messages, combined with insufficient validation in the MsgCommitPubRandList handler. Specifically, the handler does not enforce that the submitted Commitment field is 32...
Babylon Finality Provider `MsgCommitPubRandList` replay attack
Summary A high vulnerability exists in the Babylon protocol's x/finality module due to a lack of domain separation in signed messages, combined with insufficient validation in the MsgCommitPubRandList handler. Specifically, the handler does not enforce that the submitted Commitment field is 32...
A week in security (June 8 – 14)
Last week on Malwarebytes Labs, we looked into nasty search hijackers that worried a lot of Chrome users; a list of considerations for MSPs when looking for an RMM platform; the complaint faced by ParetoLogic, the company that issues SpeedyPC, a product that claims to find and remove various PC...
search.babylon.com XSS vulnerability
Open Bug Bounty ID: OBB-622953 Description| Value ---|--- Affected Website:| search.babylon.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
search.babylon.com XSS vulnerability
Vulnerable URL: http://search.babylon.com/imageres.php?iu=http://%22%3E%3Cimg%20src=x%20onerror=prompt%27OPENBUGBOUNTY%27;%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown...