cosmos / ibc-go

Inter-Blockchain Communication Protocol (IBC) implementation in Golang.
https://ibc.cosmos.network/
MIT License

modules/apps/27-interchain-accounts/host/keeper: susceptibility to vulnerability GO-2024-2584 aka "Slashing Evasion" #7519

Closed odeke-em closed 3 weeks ago

odeke-em commented 1 month ago

Found via supply chain security analysis that if we examine https://github.com/cosmos/ibc-go/blob/04bd787b91d1bebd67738593a5dc499ce9b42e41/go.mod#L19 it is susceptible to "Slashing evasion" in github.com/cosmos/cosmos-sdk per https://pkg.go.dev/vuln/GO-2024-2584. Please update to the latest v0.50.10 https://github.com/cosmos/cosmos-sdk/tree/v0.50.10 amirite @julienrbrt @tac0turtle?

DimitrisJim commented 3 weeks ago

thanks! bumped to 0.50.10 in https://github.com/cosmos/ibc-go/pull/7532. Feel free to re-open if I misunderstood something.