GHSA-86h5-xcpx-cfqc: ASA-2024-005: Potential slashing evasion during re-delegation

February 27, 2024 (updated November 4, 2024)

An issue was identified in the slashing mechanism that may allow for the evasion of slashing penalties during a slashing event. If a delegation contributed to byzantine behavior of a validator, and the validator has not yet been slashed, it may be possible for that delegation to evade a pending slashing penalty through re-delegation behavior. Additional validation logic was added to restrict this behavior.

References

github.com/advisories/GHSA-86h5-xcpx-cfqc
github.com/cosmos/cosmos-sdk
github.com/cosmos/cosmos-sdk/commit/7dbed2fc0c3ed7c285645e21cb1037d8810372ae
github.com/cosmos/cosmos-sdk/commit/d1b5b0c5ae2c51206cc1849e09e4d59986742cc3
github.com/cosmos/cosmos-sdk/security/advisories/GHSA-86h5-xcpx-cfqc

Detect and mitigate GHSA-86h5-xcpx-cfqc with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →