Publish GHSA-86h5-xcpx-cfqc

advisories/github-reviewed/2024/02/GHSA-86h5-xcpx-cfqc/GHSA-86h5-xcpx-cfqc.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-86h5-xcpx-cfqc",
-  "modified": "2024-02-27T21:55:53Z",
+  "modified": "2024-11-04T17:14:28Z",
   "published": "2024-02-27T21:55:52Z",
   "aliases": [
 
   ],
   "summary": "ASA-2024-005: Potential slashing evasion during re-delegation",
-  "details": "## ASA-2024-005: Potential slashing evasion during re-delegation\n\n**Component**: Cosmos SDK\n**Criticality**: Low\n**Affected Versions**: Cosmos SDK versions <= 0.50.4; <= 0.47.9\n**Affected Users**: Chain developers, Validator and Node operators\n**Impact**: Slashing Evasion\n\n## Summary\n\nAn issue was identified in the slashing mechanism that may allow for the evasion of slashing penalties during a slashing event. If a delegation contributed to byzantine behavior of a validator, and the validator has not yet been slashed, it may be possible for that delegation to evade a pending slashing penalty through re-delegation behavior. Additional validation logic was added to restrict this behavior.\n\n## Next Steps for Impacted Parties\n\nIf you are a chain developer on an affected version of the Cosmos SDK, it is advised to update to the latest available version of the Cosmos SDK for your project.  Once a patched version is available, it is recommended that network operators upgrade.\n\nA Github Security Advisory for this issue is available in the Cosmos-SDK [repository](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-86h5-xcpx-cfqc). For more information about Cosmos SDK, see https://docs.cosmos.network/.\n\nThis issue was found by cat shark (Khanh) who reported it to the Cosmos Bug Bounty Program on HackerOne on December 6, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n",
+  "details": "## ASA-2024-005: Potential slashing evasion during re-delegation\n\n**Component**: Cosmos SDK\n**Criticality**: Low\n**Affected Versions**: Cosmos SDK versions <= 0.50.4; <= 0.47.9\n**Affected Users**: Chain developers, Validator and Node operators\n**Impact**: Slashing Evasion\n\n## Summary\n\nAn issue was identified in the slashing mechanism that may allow for the evasion of slashing penalties during a slashing event. If a delegation contributed to byzantine behavior of a validator, and the validator has not yet been slashed, it may be possible for that delegation to evade a pending slashing penalty through re-delegation behavior. Additional validation logic was added to restrict this behavior.\n\n## Next Steps for Impacted Parties\n\nIf you are a chain developer on an affected version of the Cosmos SDK, it is advised to update to the latest available version of the Cosmos SDK for your project.  Once a patched version is available, it is recommended that network operators upgrade.\n\nA Github Security Advisory for this issue is available in the Cosmos-SDK [repository](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-86h5-xcpx-cfqc). For more information about Cosmos SDK, see https://docs.cosmos.network/.\n\nThis issue was found by cat shark (Khanh) who reported it to the Cosmos Bug Bounty Program on HackerOne on December 6, 2023. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n",
   "severity": [
 
   ],