ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmossdk.io/math package versions = math/v1.3.0 Affected users: Chain Builders +...

GHSA-J496-CRGH-34MX ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks

Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical ACMv1: I:Critical; L:AlmostCertain Affected versions: v4.6.0, v5.4.0, v6.3.0, v7.4.0, v8.2.0 Affected users: Chain Builders + Maintainers Summary Through the deployment and...

ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks

Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical ACMv1: I:Critical; L:AlmostCertain Affected versions: v4.6.0, v5.4.0, v6.3.0, v7.4.0, v8.2.0 Affected users: Chain Builders + Maintainers Summary Through the deployment and...

ASA-2024-004: Default configuration param for Evidence may limit window of validity

ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...

GHSA-555P-M4V6-CQXV ASA-2024-004: Default configuration param for Evidence may limit window of validity

ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...

GHSA-HQ58-P9MV-338C CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation

Amulet Security Advisory for CometBFT: ASA-2023-002 Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be large for common use cases, and may affect block times and...