Update Patched Fix ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions #181
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…on in Cosmos SDK may allow incorrect voting power assumptions ## Summary The default `ValidateVoteExtensions` helper function infers total voting power based off of the injected `VoteExtension`, which are injected by the proposer. If your chain utilizes the `ValidateVoteExtensions` helper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each validator it includes in the injected `VoteExtension`, which could have potentially unexpected or negative consequences on modified state. Additional validation on injected `VoteExtension` data was added to confirm voting power against the state machine. **Details** The ValidateVoteExtensions helper function in Cosmos SDK allows a dishonest proposer to mutate the voting power of validators included in the injected VoteExtension. This can lead to unexpected or negative consequences on the modified state of the blockchain. The function infers the total voting power based on the injected VoteExtension, which can be manipulated by the proposer. To mitigate this vulnerability, additional validation on the injected VoteExtension data has been added to confirm voting power against the state machine.
github-actions
bot
added
the
packet-forward-middleware
|
Thankfully since this repo is only an import it should not affect upstreams versions (they can bump without this having to also be updated). does need a go mod tidy. if issues persist after that there is a pending SDK patch for v0.50.5 |
|
I've a strong preference to keeping deps up to date anywhere, regardless. The reason for this is that these repositories are used for reference, and people may reference the versions elsewhere and then end up with an ouchie. |
|
This PR very nice, because it will prevent downgrades of packages to versions containing security issues. go get github.com/cosmos/ibc-apps/modules/ibc-hooks/v7@26f3ad8
go: downloading github.com/cometbft/cometbft v0.37.1
go: downloading github.com/cosmos/cosmos-sdk v0.47.3-0.20230513170018-83d600596f5d
go: downloading github.com/cosmos/ibc-go/v7 v7.0.0Basically when upstream doesn't keep strictly up to date, downstream gets cholera. ... but it seems that this was addressed in a PR by @hoank101 and this one is now safe to close. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The default
ValidateVoteExtensionshelper function infers total voting power based off of the injectedVoteExtension, which are injected by the proposer. If your chain utilizes theValidateVoteExtensionshelper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each validator it includes in the injectedVoteExtension, which could have potentially unexpected or negative consequences on modified state. Additional validation on injectedVoteExtensiondata was added to confirm voting power against the state machine.Details
The ValidateVoteExtensions helper function in Cosmos SDK allows a dishonest proposer to mutate the voting power of validators included in the injected VoteExtension. This can lead to unexpected or negative consequences on the modified state of the blockchain. The function infers the total voting power based on the injected VoteExtension, which can be manipulated by the proposer. To mitigate this vulnerability, additional validation on the injected VoteExtension data has been added to confirm voting power against the state machine.