π‘οΈ Potential slashing evasion during re-delegation #619
Assignees
Labels
security audit
Categorizes an issue or PR as relevant to Security Audit
Comments
ccamel
added
the
security audit
|
|
All good :) |
github-project-automation
bot
moved this from π§ͺ To test
to β
Done
in π» Development
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note
Severity: High
target: v7.1.0 - Commit: 3c854270b006db30aa3894da2cdba10cc31b8c5f
Ref: OKP4 Blockchain Audit Report v1.0 - 02-05-2024 - BlockApex
Description
During our review of the
okp4d(nowaxoned) blockchain, a significant vulnerability was detected in thestakingmodule of thecosmos-sdkversionv0.50.4, which is currently deployed inokp4d. This critical flaw is associated with the possibility of slashing evasion during re-delegation events. As detailed in the security advisory, the vulnerability stems from a flaw in the slashing mechanism which could potentially allow delegations involved in byzantine behavior to evade slashing penalties if the validator has not yet been slashed and is subjected to re-delegation. This issue was identified and rectified in the subsequentcosmos-sdkrelease (v0.50.5).To thoroughly assess the severity and real-time implications of this vulnerability on the
okp4dblockchain, we executed internal tests using the test case scenarios available in theokp4drepository. Our findings confirm that the vulnerability is indeed exploitable under the current configuration, which underscores the importance of swiftly updating the blockchain dependencies to safeguard against such potential exploits.Recommandation
To mitigate this risk, we recommend that
okp4dpromptly upgrade tocosmos-sdkv0.50.5.References
The text was updated successfully, but these errors were encountered: