4 matches found
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect state handling in nested execution paths involving the ICS20 precompile. An attacker can repeatedly utilize the same token balance within a single transaction by exploiting...
Improper Input Validation
github.com/cosmos/interchain-security is vulnerable to Improper Input Validation. The vulnerability is caused due to a missing validation on the ICS side to check if the signer matches the provider address. This can lead to any user opt-in, opt-out, change the commission rate, or change what publ...
GO-2024-3121 Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security
Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security...
Missing Cryptographic Equivocation
github.com/cosmos/gaia is vulnerable to Missing Cryptographic Equivocation. The vulnerability is caused due to an issue in the Interchain Security ICS module that could result in the slashing of a validator for an "old" equivocation...