ADVISORIES.md

Advisories

This is a list of all ASA advisories issued by the /security to date:

Advisory	Team	Severity	Title
ASA-2023-001	Cosmos SDK	Medium	Cosmovisor
ASA-2023-002	CometBFT	Low	Default for BlockParams.MaxBytes consensus parameter may increase block times and affect consensus participation
ASA-2024-001	CometBFT	High	Validation of VoteExtensionsEnableHeight can cause chain halt
ASA-2024-002	Cosmos SDK	Medium	Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool
ASA-2024-003	Cosmos SDK	Low	Missing BlockedAddressed Validation in Vesting Module
ASA-2024-004	CometBFT	Low	Default configuration param for Evidence may limit window of validity
ASA-2024-005	Cosmos SDK	Low	Potential slashing evasion during re-delegation
ASA-2024-006	Cosmos SDK	High	ValidateVoteExtensions helper function may allow incorrect voting power assumptions
ASA-2024-007	IBC-Go	Critical	Potential Reentrancy using Timeout Callbacks in ibc-hooks
ASA-2024-008	CometBFT	Medium	Instability during blocksync when syncing from malicious peer
ASA-2024-009	CometBFT	Medium	State syncing validator from malicious node may lead to a chain split
ASA-2024-010	Cosmos SDK	High	cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
ASA-2024-011	CometBFT	High	Vote Extensions: Panic when receiving a Pre-commit with an invalid data
ASA-2024-012	Cosmos SDK	High	ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
ASA-2024-013	Cosmos SDK	High	ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
ASA-2025-001	CometBFT	Medium	Malicious peer can disrupt node's ability to sync via blocksync
ASA-2025-002	CometBFT	High	Malicious peer can stall network by disseminating seemingly valid block parts
ASA-2025-003	Cosmos SDK	High	Group module can halt chain when handling a malicious proposal
ASA-2025-004	IBC-Go	Critical	Chain Halt via Non-deterministic deserialization