This is a list of all ASA advisories issued by the /security to date:
| Advisory | Team | Severity | Title |
|---|---|---|---|
| ASA-2023-001 | Cosmos SDK | Medium | Cosmovisor |
| ASA-2023-002 | CometBFT | Low | Default for BlockParams.MaxBytes consensus parameter may increase block times and affect consensus participation |
| ASA-2024-001 | CometBFT | High | Validation of VoteExtensionsEnableHeight can cause chain halt |
| ASA-2024-002 | Cosmos SDK | Medium | Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool |
| ASA-2024-003 | Cosmos SDK | Low | Missing BlockedAddressed Validation in Vesting Module |
| ASA-2024-004 | CometBFT | Low | Default configuration param for Evidence may limit window of validity |
| ASA-2024-005 | Cosmos SDK | Low | Potential slashing evasion during re-delegation |
| ASA-2024-006 | Cosmos SDK | High | ValidateVoteExtensions helper function may allow incorrect voting power assumptions |
| ASA-2024-007 | IBC-Go | Critical | Potential Reentrancy using Timeout Callbacks in ibc-hooks |
| ASA-2024-008 | CometBFT | Medium | Instability during blocksync when syncing from malicious peer |