Skip to content

Commit

Permalink
Update Fixed Validation of VoteExtensionsEnableHeight can cause cha…
Browse files Browse the repository at this point in the history 
…in halt in Go cosmos cometbft (#1398)

A vulnerability in CometBFT’s validation logic for `VoteExtensionsEnableHeight` can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a `VoteExtensionsEnableHeight` modification is passed, nodes running the affected versions may panic, halting the network.

Co-authored-by: Justin Tieri <37750742+jtieri@users.noreply.github.com>
  • Loading branch information
@jtieri
IAP and jtieri authored Feb 28, 2024
1 parent f6f622e commit 2cc152b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion interchaintest/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
cosmossdk.io/x/feegrant v0.1.0
cosmossdk.io/x/upgrade v0.1.0
github.com/avast/retry-go/v4 v4.5.1
github.com/cometbft/cometbft v0.38.2
github.com/cometbft/cometbft v0.38.5
github.com/cosmos/cosmos-sdk v0.50.3
github.com/cosmos/go-bip39 v1.0.0
github.com/cosmos/gogoproto v1.4.11
Expand Down

0 comments on commit 2cc152b

Please sign in to comment.