9 matches found
Incomplete Cleanup
Overview Affected versions of this package are vulnerable to Incomplete Cleanup in the x/costaking process. An attacker can continue to accrue rewards without maintaining any actual BTC stake by exploiting a state inconsistency that occurs when a Finality Provider becomes inactive at the same blo...
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...
GHSA-555P-M4V6-CQXV ASA-2024-004: Default configuration param for Evidence may limit window of validity
ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...
PT-2024-40088 · Cometbft · Cometbft
Name of the Vulnerable Software and Affected Versions: CometBFT versions All Description: A default configuration in CometBFT has been found to be insufficient for common use cases, potentially preventing the slashing mechanism from working in specific cases. The default values for...
Transfering Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbounding id
Lines of code Vulnerability details transferBond function is used to transfers ownership of a bond to a new delegator using optional hints if needed. Here the old unbound lock is deleted after creating a new one in unbondWithHint function. But the problem lies in the delete operation as it does n...
Malicious users can manipulate the withdrawRound to withdraw their stake before the unbonding period is over.
Lines of code Vulnerability details Impact Disruption the normal bonding incentives and mechanisms in the protocol. Validators or transcoders could withdrew unexpectedly, preventing governance responses to bonded token changes. Proof of Concept The withdrawStake function first checks if the...
Inaccurate Bonded Amount Event Emission
Lines of code Vulnerability details Impact in here : if previous.bondedAmount != current.bondedAmount emit DelegatorBondedAmountChangedaccount, previous.bondedAmount, current.bondedAmount; the function checks if the previous.bondedAmount is not equal to current.bondedAmount before emitting the...
Primary operator can unbond to avoid slashing and DOS job execution
Lines of code Vulnerability details If a primary operator fails to call HolographOperator.executeJob on time, a secondary operator can make the call, which will result in slashing the primary operator, as described in the documentation. The primary operator that failed to do the job, is slashed t...
Unbonding validator random selection can be predicted
Lines of code Vulnerability details Impact When unbonding, the pickvalidator function is supposed to choose a random validator to unstake from. However, this randomness can be predicted knowing the block height which is very easy to predict. let mut iterationindex = 0; while claimed.u128 0 let mu...