ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions

ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions Component: Cosmos SDK Criticality: High Affected Versions: Cosmos SDK versions = 0.50.4, on 0.50 branches Affected Users: Chain developers, Validator and Node operators Impact: Elevation of Privilege...

GHSA-95RX-M9M5-M94V ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions

ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions Component: Cosmos SDK Criticality: High Affected Versions: Cosmos SDK versions = 0.50.4, on 0.50 branches Affected Users: Chain developers, Validator and Node operators Impact: Elevation of Privilege...

GHSA-86H5-XCPX-CFQC ASA-2024-005: Potential slashing evasion during re-delegation

ASA-2024-005: Potential slashing evasion during re-delegation Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.4; = 0.47.9 Affected Users: Chain developers, Validator and Node operators Impact: Slashing Evasion Summary An issue was identified in the slashing...

ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`

ASA-2024-002: Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool Component: Cosmos SDK Criticality: Medium Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of...

ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...

GHSA-4J93-FM92-RP4M ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...

GHSA-23PX-MW2P-46QM Cosmos-SDK Cosmovisor component may be vulnerable to denial of service

Component: Cosmovisor Criticality: Medium Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46 Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor Impact: DOS, potential RCE on node depending on configuration An issue has been identified on...

Cosmos-SDK Cosmovisor component may be vulnerable to denial of service

Component: Cosmovisor Criticality: Medium Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46 Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor Impact: DOS, potential RCE on node depending on configuration An issue has been identified on...

amountAvailableForStaking() not fully utilized with compoundedAvaxNodeOpAmt easily forfeited

Lines of code Vulnerability details Impact The mitigated step is implemented at the expense of economic loss to both the node operators and the liquid stakers if compoundedAvaxNodeOpAmt ggAVAX.amountAvailableForStaking after all due to situations like liquid stakers have been actively calling...

The node operators are likely to be slashed in an unfair way

Lines of code Vulnerability details C4 issue H-04: Hijacking of node operators minipool causes loss of staked funds Comments In the original implementation, the protocol had some unnecessary state transitions and it was possible for node operators to interfere the recreation process. The main...

NODE OPERATORS CAN WITHDRAW ALL THEIR GGP COLLATERAL BEFORE VALIDATION PERIOD ENDS THEREBY AVOIDING SLASHING.

Lines of code Vulnerability details Impact 1. Node operators can avoid slashing, thus no penalties. 2. Node operators can withdraw their entire GGP collateral before the validation period is over. Proof of Concept The withdrawGGP function in Staking.sol transfers back to node operator excess GGP...

Funds of Node Operators can be nullified by any attacker

Lines of code Vulnerability details Impact The MinipoolManager.createMinipool function do not validate the caller's address due to which any address can invoke the createMinipool function with any nodeID existing or new as input. For any existing nodeID the function can be invoked as long as the...

Node operators cannot withdraw their ETH when they rage quit

Lines of code Vulnerability details Node operators can opt for Rage Quit, after the BLS public key is staked. In the current configuration, they will not be able to retrieve their staked ETH: withdrawETHForKnot will revert here if the lifecycle status is not INITIALSREGISTERED. The lifecycle stat...