Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04M3FyLTl2MmgtcXhwNM4AA-qg
Cosmos Hub (Gaia): The check for the height of cryptographic equivocation evidence is missing
Summary
An issue was identified in the Interchain Security (ICS) module that could result in the slashing of a validator for an "old" equivocation. The height-based filter for consumer equivocation evidence introduced in v2.4.0-lsm was re-enabled.
Details
ICS v2.4.0-lsm introduced a height-based filter for consumer equivocation evidence. This feature enables a provider to set per-consumer-chain minimum heights for which cryptographic evidence is considered valid. The Cosmos Hub v14 upgrade bumped ICS to v2.4.0-lsm and also set the minimum evidence height for both the neutron-1 and stride-1 consumer chains to their respective heights at that time (see PR). As a result, "older" cryptographic evidence was no longer accepted by the Hub.
The Cosmos Hub v15 upgrade bumped ICS to v3.3.3-lsm, which had the height-based filter for consumer equivocation evidence disabled.
Permalink: https://github.com/advisories/GHSA-83qr-9v2h-qxp4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04M3FyLTl2MmgtcXhwNM4AA-qg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-83qr-9v2h-qxp4
References:
- https://github.com/cosmos/gaia/security/advisories/GHSA-83qr-9v2h-qxp4
- https://github.com/advisories/GHSA-83qr-9v2h-qxp4
Blast Radius: 0.0
Affected Packages
go:github.com/cosmos/gaia
Dependent packages: 36
Dependent repositories: 3
Downloads:
Affected Version Ranges: > 14.2.0, < 17.3.0
Fixed in: 17.3.0
All affected versions:
All unaffected versions: 0.0.0, 1.0.0