Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

State syncing validator from malicious node may lead to a chain split #1468

Open
rootulp opened this issue Sep 4, 2024 · 1 comment · May be fixed by #1495
Open

State syncing validator from malicious node may lead to a chain split #1468

rootulp opened this issue Sep 4, 2024 · 1 comment · May be fixed by #1495
Assignees
@rootulp
Labels
T:dependencies Type: Pull requests that update a dependency file WS: Maintenance 🔧

Comments

@rootulp
Copy link
Collaborator

rootulp commented Sep 4, 2024

Context

GHSA-g5xx-c4hv-9ccc

Problem

There is a security vulnerability with state sync

Proposal

Pull upstream changes from https://github.com/cometbft/cometbft/releases/tag/v0.34.34
@rootulp rootulp added the T:dependencies Type: Pull requests that update a dependency file label Sep 4, 2024
@ninabarbakadze ninabarbakadze self-assigned this Sep 9, 2024
@rootulp rootulp assigned rootulp and unassigned ninabarbakadze Sep 17, 2024
@rootulp
Copy link
Collaborator Author

rootulp commented Sep 20, 2024
edited
Loading

  • This repo is currently based on CometBFT v0.34.29.
  • The security advisory was fixed in CometBFT v0.34.34.
  • The latest release in this release line is CometBFT v0.34.35.
  • The diff from v0.34.29 to v0.34.35 is 150 commits.

I'm going to try and merge v0.34.35 into v0.34.x-celestia. If that proves difficult, I'll cherry-pick the commits that resolve the security advisory.

rootulp pushed a commit to rootulp/celestia-core that referenced this issue Sep 20, 2024
@melekes @forcodedancing @andynog
consensus: return last saved BeginBlock, not a empty one (#1783)
578702c 
Otherwise, the events from app's BeginBlock won't be fired.

Closes celestiaorg#1468

Co-authored-by: forcodedancing <just.haha.it@gmail.com>
Co-authored-by: Andy Nogueira <me@andynogueira.dev>
@rootulp rootulp linked a pull request Sep 20, 2024 that will close this issue
Draft
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rootulp rootulp

Labels
T:dependencies Type: Pull requests that update a dependency file WS: Maintenance 🔧
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: pull cometbft v0.34.35 rootulp/celestia-core
3 participants
@rootulp @evan-forbes @ninabarbakadze