Advisories

October 8, 2025

This is a list of all ASA advisories issued to date:

| Advisory | Team | Severity | Title |
| --- | --- | --- | --- |
| ASA-2023-001 | Cosmos SDK | Medium | Cosmovisor |
| ASA-2023-002 | CometBFT | Low | Default for BlockParams.MaxBytes consensus parameter may increase block times and affect consensus participation |
| ASA-2024-001 | CometBFT | High | Validation of VoteExtensionsEnableHeight can cause chain halt |
| ASA-2024-002 | Cosmos SDK | Medium | Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool |
| ASA-2024-003 | Cosmos SDK | Low | Missing BlockedAddressed Validation in Vesting Module |
| ASA-2024-004 | CometBFT | Low | Default configuration param for Evidence may limit window of validity |
| ASA-2024-005 | Cosmos SDK | Low | Potential slashing evasion during re-delegation |
| ASA-2024-006 | Cosmos SDK | High | ValidateVoteExtensions helper function may allow incorrect voting power assumptions |
| ASA-2024-007 | IBC-Go | Critical | Potential Reentrancy using Timeout Callbacks in ibc-hooks |
| ASA-2024-008 | CometBFT | Medium | Instability during blocksync when syncing from malicious peer |
| ASA-2024-009 | CometBFT | Medium | State syncing validator from malicious node may lead to a chain split |
| ASA-2024-010 | Cosmos SDK | High | cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic |
| ASA-2024-011 | CometBFT | High | Vote Extensions: Panic when receiving a Pre-commit with an invalid data |
| ASA-2024-012 | Cosmos SDK | High | ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion |
| ASA-2024-013 | Cosmos SDK | High | ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion |
| ASA-2025-001 | CometBFT | Medium | Malicious peer can disrupt node's ability to sync via blocksync |
| ASA-2025-002 | CometBFT | High | Malicious peer can stall network by disseminating seemingly valid block parts |
| ASA-2025-003 | Cosmos SDK | High | Group module can halt chain when handling a malicious proposal |
| ASA-2025-004 | IBC-Go | Critical | Chain Halt via Non-deterministic deserialization |