Note that the patch is NOT state-machine breaking. The patch can be deployed individually by validators and full nodes without a chain-halt upgrade and should be applied as soon as possible. Though many potentially impacted parties have mitigations in place to prevent the issue from introducing vulnerability into their architectures, we highly recommend that full node operators, oracle networks, and bridges prepare to patch their implementations as quickly as possible once the release is available to fully remediate this issue.
[ ] If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
[ ] If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.
Note that the patch is NOT state-machine breaking. The patch can be deployed individually by validators and full nodes without a chain-halt upgrade and should be applied as soon as possible. Though many potentially impacted parties have mitigations in place to prevent the issue from introducing vulnerability into their architectures, we highly recommend that full node operators, oracle networks, and bridges prepare to patch their implementations as quickly as possible once the release is available to fully remediate this issue.
see: https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731
PR Checklist:
make
)make test
)go fmt
)golangci-lint run
)go list -json -m all | nancy sleuth
)Thank you for your code, it's appreciated! :)