Description and context
The appchain currently depends on cometbft@v0.38.9, a version affected by a severe security issue described in GHSA-g5xx-c4hv-9ccc. A malicious actor can exploit this vulnerability by serving a compromised snapshot. Nodes joining the network that state-sync from this snapshot can trigger chain splits, disrupting network consensus and fragmenting the blockchain.
Solution recommendation
It is recommended to upgrade to a patched version of CometBFT that addresses this vulnerability.
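As an added example (not part of the original finding or of the CometBFT project), the following Go program implements the check a reviewer would run to confirm the upgrade landed: it scans a go.mod for the github.com/cometbft/cometbft requirement and compares the pinned version against a minimum patched release. The sample go.mod is constructed inline, and the minimum version is a placeholder that must be replaced with the first release named as fixed in GHSA-g5xx-c4hv-9ccc; `replace` directives are deliberately not resolved.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// CometModule is the module path the appchain pulls CometBFT from.
const CometModule = "github.com/cometbft/cometbft"

// MinPatched is a PLACEHOLDER (assumed, not taken from the finding): set it to
// the first CometBFT release that the GHSA-g5xx-c4hv-9ccc advisory lists as fixed.
const MinPatched = "v0.38.10"

// SampleGoMod is a constructed go.mod fragment mirroring the vulnerable pin
// reported in the finding (cometbft@v0.38.9).
const SampleGoMod = `module example.com/appchain

go 1.21

require (
	github.com/cosmos/cosmos-sdk v0.50.6
	github.com/cometbft/cometbft v0.38.9 // indirect
)

replace github.com/cometbft/cometbft => github.com/cometbft/cometbft v0.38.9
`

// ParseVersion turns "v0.38.9" (optionally with -pre or +build suffix) into
// [major, minor, patch]. Pre-release tags are ignored for the comparison.
func ParseVersion(s string) ([3]int, error) {
	var out [3]int
	v := strings.TrimPrefix(s, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unparseable version %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("unparseable version %q: %w", s, err)
		}
		out[i] = n
	}
	return out, nil
}

// CompareVersions returns -1, 0 or 1 as a is lower than, equal to or higher than b.
func CompareVersions(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// FindRequire returns the version pinned for module in goMod, handling both the
// single-line "require m vX" form and the block form. replace/exclude/retract
// directives are skipped: a replace pointing at a fork must be reviewed by hand.
func FindRequire(goMod, module string) (string, bool) {
	for _, line := range strings.Split(goMod, "\n") {
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop trailing comment such as "// indirect"
		}
		fields := strings.Fields(line)
		if len(fields) == 0 {
			continue
		}
		switch fields[0] {
		case "replace", "exclude", "retract":
			continue
		case "require":
			fields = fields[1:]
		}
		// A version field always starts with "v"; "=>" marks a replace block entry.
		if len(fields) >= 2 && fields[0] == module && strings.HasPrefix(fields[1], "v") {
			return fields[1], true
		}
	}
	return "", false
}

// CheckGoMod reports the pinned version and whether it is below minVersion.
// An absent requirement is an error rather than a pass: the dependency may be
// reached transitively and must be checked with the resolved module graph.
func CheckGoMod(goMod, module, minVersion string) (pinned string, vulnerable bool, err error) {
	pinned, ok := FindRequire(goMod, module)
	if !ok {
		return "", false, errors.New(module + " not found in go.mod; check `go list -m all`")
	}
	have, err := ParseVersion(pinned)
	if err != nil {
		return pinned, false, err
	}
	want, err := ParseVersion(minVersion)
	if err != nil {
		return pinned, false, err
	}
	return pinned, CompareVersions(have, want) < 0, nil
}

func main() {
	pinned, vulnerable, err := CheckGoMod(SampleGoMod, CometModule, MinPatched)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s pinned at %s; below %s: %v\n", CometModule, pinned, MinPatched, vulnerable)
}
```

Because go.mod only records direct pins, run the check against `go list -m all` output (same "module version" field layout) to cover a transitively selected CometBFT version as well.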