Note that the patch is NOT state-machine breaking. The patch can be deployed individually by validators and full nodes without a chain-halt upgrade and should be applied as soon as possible. Though many potentially impacted parties have mitigations in place to prevent the issue from introducing vulnerability into their architectures, we highly recommend that full node operators, oracle networks, and bridges prepare to patch their implementations as quickly as possible once the release is available to fully remediate this issue.

see: https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731

PR Checklist:

[ ] Have you read the CONTRIBUTING.md?
[ ] Does your PR follow the C4 patch requirements?
[ ] Have you rebased your work on top of the latest master?
[x] Have you checked your code compiles? (make)
[ ] Have you included tests for any non-trivial functionality?
[x] Have you checked your code passes the unit tests? (make test)
[x] Have you checked your code formatting is correct? (go fmt)
[x] Have you checked your basic code style is fine? (golangci-lint run)
[x] If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
[ ] If your changes affect the client infrastructure, have you run the integration test?
[ ] If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
[ ] If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
[ ] If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

crypto-org-chain / chain-main

Apply patch for the IBC huckleberry security advisory #976

PR Checklist: