Advisories

This is a list of all ASA advisories issued by the /security to date:

Advisory	Team	Severity	Title
ASA-2023-001	Cosmos SDK	Medium	Cosmovisor
ASA-2023-002	CometBFT	Low	Default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
ASA-2024-001	CometBFT	High	Validation of `VoteExtensionsEnableHeight` can cause chain halt
ASA-2024-002	Cosmos SDK	Medium	Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
ASA-2024-003	Cosmos SDK	Low	Missing `BlockedAddressed` Validation in Vesting Module
ASA-2024-004	CometBFT	Low	Default configuration param for Evidence may limit window of validity
ASA-2024-005	Cosmos SDK	Low	Potential slashing evasion during re-delegation
ASA-2024-006	Cosmos SDK	High	ValidateVoteExtensions helper function may allow incorrect voting power assumptions
ASA-2024-007	IBC-Go	Critical	Potential Reentrancy using Timeout Callbacks in ibc-hooks
ASA-2024-008	CometBFT	Medium	Instability during blocksync when syncing from malicious peer
ASA-2024-009	CometBFT	Medium	State syncing validator from malicious node may lead to a chain split
ASA-2024-010	Cosmos SDK	High	cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
ASA-2024-011	CometBFT	High	Vote Extensions: Panic when receiving a Pre-commit with an invalid data

Provide feedback