Description
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt
Summary
Minting a large amount of tokens through an IBC transfer and then depositing them in the validator rewards pool (via the DepositValidatorRewardsPool message) can lead to an integer overflow panic when calculating cumulative_reward_ratio for the validator.
This calculation happens in the x/epoching module's EndBlocker, so the panic halts the chain.
Impact
Denial of Service - Due to the panic in the EndBlocker, Babylon Genesis will halt.
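An added example, not code from the Babylon repository or from this advisory: a simplified Go model of a cumulative reward ratio accumulator, contrasting arithmetic that panics on overflow with a checked variant that returns an error the end-of-block code can handle. The 256-bit cap, the 18-decimal scale, the function names and the deposit values are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// maxBits is an assumed cap for this model's bounded number type;
// it is not a value taken from the Babylon code.
const maxBits = 256

var errOverflow = errors.New("cumulative reward ratio overflow")

// scale gives ratios 18 decimal places (constructed for the model).
var scale = new(big.Int).Exp(big.NewInt(10), big.NewInt(18), nil)

// addRatioChecked returns cumulative + rewards*scale/stake, or an error
// when stake is not positive or the result would exceed maxBits.
func addRatioChecked(cumulative, rewards, stake *big.Int) (*big.Int, error) {
	if stake.Sign() <= 0 {
		return nil, errors.New("stake must be positive")
	}
	ratio := new(big.Int).Mul(rewards, scale)
	ratio.Quo(ratio, stake)
	sum := new(big.Int).Add(cumulative, ratio)
	if sum.BitLen() > maxBits {
		return nil, errOverflow
	}
	return sum, nil
}

// addRatioPanicking is the failure mode from the advisory: the same
// arithmetic, but an overflow surfaces as a panic in the block hook.
func addRatioPanicking(cumulative, rewards, stake *big.Int) *big.Int {
	sum, err := addRatioChecked(cumulative, rewards, stake)
	if err != nil {
		panic(err)
	}
	return sum
}

func main() {
	huge := new(big.Int).Lsh(big.NewInt(1), 200) // constructed oversized deposit
	_, err := addRatioChecked(big.NewInt(0), huge, big.NewInt(1))
	fmt.Println("oversized deposit:", err)
	ok, _ := addRatioChecked(big.NewInt(0), big.NewInt(1000000), big.NewInt(1000000000))
	fmt.Println("ordinary deposit ratio:", ok)
}
```

With the checked variant, the caller decides how to handle an out-of-range deposit, so a single oversized value does not become an unrecovered panic in block processing.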
Packages
Name: github.com/babylonlabs-io/babylon (go)
Affected versions: < 1.1.0
Fixed version: 1.1.0
CVSS4: 8.2 High
Weaknesses
CWE-190
CWE-770