Description
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers
Summary
A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the block_hash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably VerifyVoteExtension, and also proposal-time vote verification), causing a runtime panic.
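The failure mode described in the Summary, as an added example that is not Babylon's code. The types, the toy two-field decoder, the function names and the 32-byte hash length are assumptions made for illustration; the sample bytes are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// BlockHash and VoteExtension are simplified stand-ins, not Babylon's types.
type BlockHash []byte
type VoteExtension struct {
	BlockHash *BlockHash // field 1 (bytes); stays nil if absent from the wire
	Height    uint64     // field 2 (varint)
}

// decode is a toy protobuf-style decoder; an absent field is not an error.
func decode(b []byte) (*VoteExtension, error) {
	ve := &VoteExtension{}
	for len(b) > 0 {
		switch {
		case len(b) >= 2 && b[0] == 0x0a && int(b[1]) <= len(b)-2: // field 1, bytes
			h := BlockHash(b[2 : 2+int(b[1])])
			ve.BlockHash, b = &h, b[2+int(b[1]):]
		case len(b) >= 2 && b[0] == 0x10: // field 2, varint below 128
			ve.Height, b = uint64(b[1]), b[2:]
		default:
			return nil, errors.New("malformed or truncated field")
		}
	}
	return ve, nil
}

// hashLenUnguarded mirrors the failure mode: BlockHash is dereferenced unchecked.
func hashLenUnguarded(ve *VoteExtension) (n int, panicked bool) {
	defer func() { panicked = recover() != nil }()
	return len(*ve.BlockHash), false
}

// validate rejects a missing or wrongly sized (assumed 32-byte) hash before use.
func validate(ve *VoteExtension) error {
	if ve == nil || ve.BlockHash == nil || len(*ve.BlockHash) != 32 {
		return errors.New("vote extension: missing or malformed block_hash")
	}
	return nil
}

func main() {
	ve, _ := decode([]byte{0x10, 0x05}) // constructed: height=5, no block_hash
	fmt.Println(hashLenUnguarded(ve))   // recovered here; in a handler it crashes
	fmt.Println(validate(ve))
}
```

Running a stateless check like validate immediately after unmarshalling, and rejecting the vote extension on error, keeps the nil value out of every later code path.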
Impact
Intermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block.
Finder
Vulnerability discovered by:
- @GrumpyLaurie55348
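Packages
github.com/babylonlabs-io/babylon/v4
Affected versions: < 4.2.0
Patched versions: 4.2.0
github.com/babylonlabs-io/babylon/v3
Affected versions: <= 3.0.0-snapshot.250805a
Patched versions: None
github.com/babylonlabs-io/babylon/v2
Affected versions: <= 2.3.2
Patched versions: None
github.com/babylonlabs-io/babylon
Affected versions: <= 1.1.0
Patched versions: None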
CVSS4: 8.7 High