GHSA-2gw2-qgjg-xh6p: Namada-apps allows Post-Genesis Validator Bypass
Ledger crash. A user is able to initialize a post-genesis validator with a negative commission rate using the `--force` flag. If this validator gets into the consensus set, then when computing PoS inflation inside `fn update_rewards_products_and_mint_inflation`, an instance of `mul_floor` will cause the return of an `Err`, which causes `finalize_block` to error.
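
A simplified model of the failure path described above, added here as an example and not taken from Namada's code: the fixed-point scale, the types, the error names and `validate_commission_rate` are assumptions for illustration. It shows one negative rate failing the whole block-level reward step, and a range check placed on the protocol side where a client flag cannot skip it.

```rust
// Added illustration, not Namada code. Rates are signed fixed-point values
// with 6 decimals (assumed); token amounts are unsigned.
const SCALE: i128 = 1_000_000;

#[derive(Debug, PartialEq)]
enum PosError { NegativeProduct, Overflow, InvalidCommissionRate }

/// floor(rate * amount) as an unsigned amount. A negative product cannot be
/// represented, so the model returns Err (assumed cause of the advisory's Err).
fn mul_floor(rate_scaled: i128, amount: u64) -> Result<u64, PosError> {
    let prod = rate_scaled.checked_mul(amount as i128).ok_or(PosError::Overflow)?;
    let floored = prod.div_euclid(SCALE);
    if floored < 0 {
        return Err(PosError::NegativeProduct);
    }
    u64::try_from(floored).map_err(|_| PosError::Overflow)
}

/// Block-level reward step over (commission_rate, reward) pairs for the
/// consensus set: `?` means one bad validator fails the entire step.
fn update_rewards(consensus_set: &[(i128, u64)]) -> Result<u64, PosError> {
    let mut total = 0u64;
    for &(rate, reward) in consensus_set {
        let commission = mul_floor(rate, reward)?;
        total = total.checked_add(commission).ok_or(PosError::Overflow)?;
    }
    Ok(total)
}

/// Hypothetical protocol-side check at validator creation: 0 <= rate <= 1.
/// Enforced by the ledger itself, so client-side flags do not affect it.
fn validate_commission_rate(rate_scaled: i128) -> Result<(), PosError> {
    if (0..=SCALE).contains(&rate_scaled) {
        Ok(())
    } else {
        Err(PosError::InvalidCommissionRate)
    }
}

fn main() {
    // Constructed sample data: a 5% validator and a -5% validator.
    let honest: (i128, u64) = (50_000, 1_000);
    let negative: (i128, u64) = (-50_000, 1_000);
    println!("{:?}", update_rewards(&[honest]));
    println!("{:?}", update_rewards(&[honest, negative]));
    println!("{:?}", validate_commission_rate(negative.0));
}
```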