26 matches found
GO-2025-4236 Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration in github.com/babylonlabs-io/finality-provider
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration in github.com/babylonlabs-io/finality-provider...
EUVD-2025-203111
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration...
GHSA-4JMP-X7MH-RGMR Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
Summary: The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact: If the EOTS manager endpoints are open to the public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
Summary: The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact: If the EOTS manager endpoints are open to the public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Horcrux Double Sign Possibility
Horcrux Incident Disclosure: Possible Double-Sign. Summary: On March 6, 2025, a Horcrux user, 01node, experienced a double-signing incident on the Osmosis network, resulting in a 5% slash penalty (approximately 75,000 OSMO or $20,000 USD). After thorough investigation, we have identified a race conditi...
CVE-2022-29219
Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native JavaScript...
Missing Cryptographic Equivocation
github.com/cosmos/gaia is vulnerable to Missing Cryptographic Equivocation. The vulnerability is caused by an issue in the Interchain Security (ICS) module that could result in the slashing of a validator for an "old" equivocation...
Slashing Evasion Through Re-Delegation
github.com/cosmos/cosmos-sdk is vulnerable to slashing evasion during re-delegation. The vulnerability is due to an issue in the slashing mechanism that allows delegations contributing to byzantine behavior of a validator to evade slashing penalties through re-delegation, if the validator has not...
GHSA-555P-M4V6-CQXV ASA-2024-004: Default configuration param for Evidence may limit window of validity
ASA-2024-004: Default configuration param for Evidence may limit window of validity. Component: CometBFT. Criticality: Low. Affected versions: All. Affected users: Validators, Chain Builders + Maintainers. Summary: A default configuration in CometBFT has been found to be small for common use cases, and...
PT-2024-40088 · Cometbft · Cometbft
Name of the Vulnerable Software and Affected Versions: CometBFT versions All. Description: A default configuration in CometBFT has been found to be insufficient for common use cases, potentially preventing the slashing mechanism from working in specific cases. The default values for...
ASA-2024-005: Potential slashing evasion during re-delegation
ASA-2024-005: Potential slashing evasion during re-delegation. Component: Cosmos SDK. Criticality: Low. Affected Versions: Cosmos SDK versions = 0.50.4; = 0.47.9. Affected Users: Chain developers, Validator and Node operators. Impact: Slashing Evasion. Summary: An issue was identified in the slashing...
GHSA-86H5-XCPX-CFQC ASA-2024-005: Potential slashing evasion during re-delegation
ASA-2024-005: Potential slashing evasion during re-delegation. Component: Cosmos SDK. Criticality: Low. Affected Versions: Cosmos SDK versions = 0.50.4; = 0.47.9. Affected Users: Chain developers, Validator and Node operators. Impact: Slashing Evasion. Summary: An issue was identified in the slashing...
Fully slashed transcoder can vote with 0 weight messing up the voting calculations
Lines of code. Vulnerability details. Impact: If a transcoder gets slashed fully he can still vote with 0 amount of weight making any other delegated user that wants to change his vote to subtract their weight amount from other delegators/transcoders. Proof of Concept: In BondingManager.sol any...
[M-01] Transcoder can front-run slasher to avoid getting slashed and continue voting
Lines of code. Vulnerability details. Impact: In BondingManager.slashTranscoder, verifier can slash transcoderdelegator bonded amounts. However, this can be easily front-run via BondingManager.unbondWithHint by reducing bonded amount to avoid slashing via underflow and keep bonded position...
verifyWithdrawalCredentialsAndBalance does not verify that oracleBlockNumber is the latest block number.
Lines of code. Vulnerability details. Impact: After participating in Ethereum Staking, you may receive shares based on your balance when it was 32 ETH, even though you may have suffered a certain level of slashing at 32 ETH. Until some conscientious watcher proves the slashing in the Consensus Layer...
A staker with verified over-commitment can potentially bypass slashing completely
Lines of code. Vulnerability details. Description: In EigenLayer, watchers submit over-commitment proof in the event a staker's balance on the Beacon chain falls below the minimum restaked amount per validator. In such a scenario, stakers’ shares are decreased by the restaked amount. Note that when ...
The node operators are likely to be slashed in an unfair way
Lines of code. Vulnerability details. C4 issue H-04: Hijacking of node operators minipool causes loss of staked funds. Comments: In the original implementation, the protocol had some unnecessary state transitions and it was possible for node operators to interfere with the recreation process. The main...
Deficiency of slashed GGP amount should be made up from node operator's AVAX
Lines of code. Vulnerability details. Impact: If staked GGP doesn't cover slash amount, slashing it all will not be fair to the liquid stakers. Slashing is rare, and that the current 14 day validation cycle which is typically 1/26 of the minimum amount of GGP staked is unlikely to bump into this...
Upgraded Q -> 3 from #867 [1675460716325]
Judge has assessed an item in Issue 867 as 3 risk. The relevant finding follows: L-02, MinipoolManager, lines 670 - 684: The slash function slashes a node operator for the amount of whole duration. Since the cycles are in 14 days and the slashing is checked in the recordStakingEnd, if an operator...