Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

πŸ›‘οΈ Arithmetic Overflow in CosmWasm-Std Affects OKP4 Contracts #553

Closed
ccamel opened this issue May 23, 2024 · 2 comments Β· Fixed by #533
Closed

πŸ›‘οΈ Arithmetic Overflow in CosmWasm-Std Affects OKP4 Contracts #553

ccamel opened this issue May 23, 2024 · 2 comments Β· Fixed by #533
Assignees
Labels
security audit Categorizes an issue or PR as relevant to Security Audit

Comments

@ccamel
Copy link
Member

ccamel commented May 23, 2024

Note

Severity: Medium
target: v5.0.0 - Commit: cde785fbd2dad71608d53f8524e0ef8c8f8178af
Ref: OKP4 CosmWasm Audit Report v1.0 - 02-05-2024 - BlockApex

Description

The OKP4 ecosystem is currently using version 1.5.3 of the cosmwasm-std library, which has been found to contain arithmetic overflow issues as detailed in advisory CWA-2024-002. This vulnerability affects all contracts that perform arithmetic operations, including Objectarium, Cognitarium, Dataverse, and Law Stone. Arithmetic overflows can alter the expected behavior of smart contracts by causing computations to wrap incorrectly.

Impact

This overflow can lead to incorrect data processing, resulting in potential state corruption or mismanagement of contract logic. It directly threatens the reliability and effectiveness of the contract's intended functionalities.

Recommendation

Upgrade the cosmwasm-std library to the latest patched version as recommended in the advisory.

@ccamel ccamel added the security audit Categorizes an issue or PR as relevant to Security Audit label May 23, 2024
@github-project-automation github-project-automation bot moved this to πŸ“‹ Backlog in πŸ’» Development May 23, 2024
@ccamel ccamel moved this from πŸ“‹ Backlog to πŸ“† To do in πŸ’» Development May 23, 2024
@bdeneux
Copy link
Contributor

bdeneux commented May 31, 2024

Fixed by @dependabot PR : #533

@ccamel ccamel moved this from πŸ“† To do to πŸ— In progress in πŸ’» Development May 31, 2024
@bdeneux bdeneux linked a pull request May 31, 2024 that will close this issue
@amimart
Copy link
Member

amimart commented Jun 4, 2024

Fixed by @dependabot PR : #533

Yep closing it :)

@amimart amimart closed this as completed Jun 4, 2024
@github-project-automation github-project-automation bot moved this from πŸ— In progress to βœ… Done in πŸ’» Development Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security audit Categorizes an issue or PR as relevant to Security Audit
Projects
Status: βœ… Done
Development

Successfully merging a pull request may close this issue.

3 participants