- "details": "## ASA-2024-005: Potential slashing evasion during re-delegation\n\n**Component**: Cosmos SDK\n**Criticality**: Low\n**Affected Versions**: Cosmos SDK versions <= 0.50.4; <= 0.47.9\n**Affected Users**: Chain developers, Validator and Node operators\n**Impact**: Slashing Evasion\n\n## Summary\n\nAn issue was identified in the slashing mechanism that may allow for the evasion of slashing penalties during a slashing event. If a delegation contributed to byzantine behavior of a validator, and the validator has not yet been slashed, it may be possible for that delegation to evade a pending slashing penalty through re-delegation behavior. Additional validation logic was added to restrict this behavior.\n\n## Next Steps for Impacted Parties\n\nIf you are a chain developer on an affected version of the Cosmos SDK, it is advised to update to the latest available version of the Cosmos SDK for your project. Once a patched version is available, it is recommended that network operators upgrade.\n\nA Github Security Advisory for this issue is available in the Cosmos-SDK [repository](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-86h5-xcpx-cfqc). For more information about Cosmos SDK, see https://docs.cosmos.network/.\n\nThis issue was found by cat shark (Khanh) who reported it to the Cosmos Bug Bounty Program on HackerOne on December 6, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments