Drop nil voters when handling misbehaviour #1403

sainoe · 2023-11-10T08:35:29Z

Problem

Validators who vote nil don't have their signature verified in comet. Consequently, they should not be extracted as byzantine validators when handling MsgConsumerMisbehaviour, find the complete bug report here.

Edit: It's also critical that we check that Misbehaviours comes from a valid consumer chain light client. Otherwise the above isn't sufficient to stop an attacker from introducing bogus validator signatures.

Props to @insumity for finding this issue ❤️.

The text was updated successfully, but these errors were encountered:

github-project-automation bot added this to Cosmos Hub Nov 10, 2023

github-project-automation bot moved this to 🩹 F1: Triage in Cosmos Hub Nov 10, 2023

sainoe mentioned this issue Nov 10, 2023

EPIC: Cryptographic verification of equivocation #732

Closed

sainoe self-assigned this Nov 10, 2023

sainoe moved this from 🩹 F1: Triage to 👀 F3: InReview in Cosmos Hub Nov 10, 2023

sainoe mentioned this issue Nov 10, 2023

fix!: drop nil votes in misbehaviour handling #1404

Merged

21 tasks

sainoe closed this as completed Nov 13, 2023

github-project-automation bot moved this from 👀 F3: InReview to 👍 F4: Assessment in Cosmos Hub Nov 13, 2023

mpoke moved this from 👍 F4: Assessment to ✅ Done in Cosmos Hub Nov 16, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Drop nil voters when handling misbehaviour #1403

Drop nil voters when handling misbehaviour #1403

sainoe commented Nov 10, 2023 •

edited

Loading

Drop nil voters when handling misbehaviour #1403

Drop nil voters when handling misbehaviour #1403

Comments

sainoe commented Nov 10, 2023 • edited Loading

Problem

sainoe commented Nov 10, 2023 •

edited

Loading