Описание
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary
Sending a message that modifies the validator set at the epoch boundary halts the chain.
Impact
Denial of Service - Comos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an operation leads to panic and chain halt.
Detailed Post mortem
Ссылки
- https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-rj53-j6jw-7f7g
- https://github.com/babylonlabs-io/babylon/pull/1244/files
- https://boiling-lake-106.notion.site/2025-06-18-Babylon-Genesis-Chain-Halt-Post-Mortem-229f60cc1b5f80b7adf5e3ea0541ea87
- https://github.com/babylonlabs-io/babylon/releases/tag/v2.1.0
Пакеты
Наименование
github.com/babylonlabs-io/babylon/v2
go
Затронутые версииВерсия исправления
>= 2.0.0, < 2.1.0
2.1.0
8.9 High
CVSS4
Дефекты
CWE-754
8.9 High
CVSS4
Дефекты
CWE-754