GO-2024-2638 ValidateVoteExtensions function in Cosmos SDK may allow incorrect voting power assumptions in github.com/cosmos/cosmos-sdk

The default ValidateVoteExtensions helper function infers total voting power based on the injected VoteExtension, which are injected by the proposer. If your chain utilizes the ValidateVoteExtensions helper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each...

ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions

ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions Component: Cosmos SDK Criticality: High Affected Versions: Cosmos SDK versions = 0.50.4, on 0.50 branches Affected Users: Chain developers, Validator and Node operators Impact: Elevation of Privilege...

GHSA-95RX-M9M5-M94V ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions

ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions Component: Cosmos SDK Criticality: High Affected Versions: Cosmos SDK versions = 0.50.4, on 0.50 branches Affected Users: Chain developers, Validator and Node operators Impact: Elevation of Privilege...

Olas can be locked less than 1 week

Lines of code Vulnerability details Impact The minimum lock time for OLAS is 1 week. If a user locks their OLAS for a duration less than that, their voting power becomes zero. However, in OLAS:createLockFor, the system only checks if the unlockTime is greater than the block.timestamp. Consequentl...

Delegation to address(0) causes permanent loss of voting power

Lines of code Vulnerability details Impact As stated in the comment on line 12 of NontransferableERC20Votes.sol, delegation of vote power can be done through the delegate function or by providing a signature to be used with delegateBySig. However, these functions do not prevent users from...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Impact Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having ...

Arthimetic operation result in loss of voting power

Lines of code Vulnerability details Impact Carrying out calculation of voting power in function finalize based on division with value 1e4, then subtracting it with totalContributions and after that multiplying and dividing again will be a resultant that cause large precision error or even loss of...

User loss his delegated voting power after delegation to another user.

Lines of code Vulnerability details Vulnerability Details When a user delegate voting power to another user, his previous voting power from delegation has been ignored at getVotingPowerAt since in case isDelegated is true getVotingPowerAt returns 0. Impact Delegated voting power cannot be utilize...