The header hash was generated with a missing hash of the validateset's priorities information. A malicious user could modify the priorities without causing a state hash validation error. Remarkably this is a known issue in Cometbft that breaks the state hash validation for priorities.
The header hash was generated with a missing hash of the validateset's priorities information. A malicious user could modify the priorities without causing a state hash validation error. Remarkably this is a known issue in Cometbft that breaks the state hash validation for priorities.
This project implemented its own consensus protocol using cometbft's fork project, but many of the flaws that were fixed in cometbft were not fixed by that project, and this issue is one of them. More information is shown below: Other Unsolved issues' Fix PR and Commits: https://github.com/cometbft/cometbft/pull/3984 https://github.com/cometbft/cometbft/pull/3369 https://github.com/cometbft/cometbft/commit/d766d20c0609e3018e26f30aadf91bd322f8cad9 https://github.com/cometbft/cometbft/pull/890 https://github.com/cometbft/cometbft/pull/865