An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yOXJ2LTltaDgtcHhmNM4AA5Cj
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Currently, when a node receives a block in future according to its local wall clock, it will mark the block as invalid and ban the peer.
If the header's timestamp is more than 15 seconds ahead of our current time. In that case, the header may become valid in the future, and we don't want to disconnect a peer merely for serving us one too-far-ahead block header, to prevent an attacker from splitting the network by mining a block right at the 15 seconds boundary.
Upgrade to v0.33.1 or above.
Don't ban peer serving too-far-ahead block header.Permalink: https://github.com/advisories/GHSA-r9rv-9mh8-pxf4
Source: GitHub Advisory Database
Published: 28 days ago
Updated: 28 days ago
Fixed in: 0.33.1