Lucene search
+L

9 matches found

Snyk
Snyk
added 2025/12/09 2:25 p.m.2 views

Incomplete Cleanup

Overview Affected versions of this package are vulnerable to Incomplete Cleanup in the x/costaking process. An attacker can continue to accrue rewards without maintaining any actual BTC stake by exploiting a state inconsistency that occurs when a Finality Provider becomes inactive at the same blo...

6.9CVSS6.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/09 2:25 p.m.7 views

Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond

Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...

6.9AI score
Exploits0References3Affected Software4
OSV
OSV
added 2024/02/28 6:6 p.m.7 views

GHSA-555P-M4V6-CQXV ASA-2024-004: Default configuration param for Evidence may limit window of validity

ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...

6.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.6 views

PT-2024-40088 · Cometbft · Cometbft

Name of the Vulnerable Software and Affected Versions: CometBFT versions All Description: A default configuration in CometBFT has been found to be insufficient for common use cases, potentially preventing the slashing mechanism from working in specific cases. The default values for...

7.1AI score
Exploits0References3
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.10 views

Transfering Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbounding id

Lines of code Vulnerability details transferBond function is used to transfers ownership of a bond to a new delegator using optional hints if needed. Here the old unbound lock is deleted after creating a new one in unbondWithHint function. But the problem lies in the delete operation as it does n...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.11 views

Malicious users can manipulate the withdrawRound to withdraw their stake before the unbonding period is over.

Lines of code Vulnerability details Impact Disruption the normal bonding incentives and mechanisms in the protocol. Validators or transcoders could withdrew unexpectedly, preventing governance responses to bonded token changes. Proof of Concept The withdrawStake function first checks if the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.11 views

Inaccurate Bonded Amount Event Emission

Lines of code Vulnerability details Impact in here : if previous.bondedAmount != current.bondedAmount emit DelegatorBondedAmountChangedaccount, previous.bondedAmount, current.bondedAmount; the function checks if the previous.bondedAmount is not equal to current.bondedAmount before emitting the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.7 views

Primary operator can unbond to avoid slashing and DOS job execution

Lines of code Vulnerability details If a primary operator fails to call HolographOperator.executeJob on time, a secondary operator can make the call, which will result in slashing the primary operator, as described in the documentation. The primary operator that failed to do the job, is slashed t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.9 views

Unbonding validator random selection can be predicted

Lines of code Vulnerability details Impact When unbonding, the pickvalidator function is supposed to choose a random validator to unstake from. However, this randomness can be predicted knowing the block height which is very easy to predict. let mut iterationindex = 0; while claimed.u128 0 let mu...

6.8AI score
Exploits0
Rows per page
Query Builder