N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-869w-47c6-fq8q

GHSA-869w-47c6-fq8q: Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt

Summary

Minting large amount of tokens through ibc transfer and then depositing them in validator rewards pool (via DepositValidatorRewardsPool message) can lead to integer overflow panic when calculating cumulative_reward_ratio for the validator.

This calculation happens in x/epoching module EndBlocker, thus the panic will halt the chain.

Impact

Denial of Service - Due to panic in the EndBlocker Babylon Genesis will halt

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-869w-47c6-fq8q

GHSA-869w-47c6-fq8q:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/babylonlabs-io/babylon	go	<= 1.0.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided commit (f0a29d60f206268b56992fa50f38a48077eb4f59) implements a mitigation by adding an input restriction (the 'bankSendRestrictionOnlyBondDenomToDistribution' function in 'app/keepers/keepers.go'). This restriction prevents certain types of tokens from being sent to the distribution module, thereby indirectly preventing the conditions that lead to the integer overflow. However, this commit does not show the actual code for the 'cumulative_reward_ratio' calculation within the 'x/epoching' module's 'EndBlocker' (where the overflow occurs), nor does it show the handler for the 'DepositValidatorRewardsPool' message (which processes the problematic input). As the task requires identifying vulnerable functions based on the provided patches, and this patch shows a mitigation rather than the vulnerable code itself, I cannot confidently identify the functions that contain the vulnerability or process the malicious input leading directly to the overflow from this specific patch's content.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-869w-47c6-fq8q: Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt

Summary

Impact

GHSA-869w-47c6-fq8q:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

GHSA-869w-47c6-fq8q: Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt

Summary

Impact

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI