Vulnerability Report: GO-2024-2874
- GHSA-qjcv-rx3v-7mvj
- Affects: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, and 5 more
- Published: May 23, 2024
The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability. The vulnerability allowed an attacker to send arbitrary transactions onto target chains and trigger arbitrary state transitions, including but not limited to, theft of funds. It was possible to exploit this vulnerability in specific situations involving relaying packets in which the source chain is also the final destination chain. Affected networks are those that allow for fee grant capabilities and use a native Relayer (e.g., Osmosis and Juno).
Affected Packages
-
PathGo VersionsSymbols
-
before v7.0.1
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
-
all versions, no known fixed
-
all versions, no known fixed
-
all versions, no known fixed
-
all versions, no known fixed
-
all versions, no known fixed
Aliases
References
- https://github.com/cosmos/ibc-go/commit/c77f80f812940fe3b93980d13a5cdd6980e907cc
- https://github.com/cosmos/ibc-go/issues/1532
- https://vuln.go.dev/ID/GO-2024-2874.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.