Skip to content

fix: ASA-2025-004 vulnerability in IBC module #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 17, 2025
Merged

fix: ASA-2025-004 vulnerability in IBC module #419

merged 1 commit into from
Mar 17, 2025

Conversation

pbukva
Copy link
Collaborator

@pbukva pbukva commented Mar 17, 2025

Resolves the "ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt" vulnerability, see the link below for details:
GHSA-jg6f-48ff-5xrw

Proposed Changes

[describe the changes here...]

Linked Issues

[if applicable, add links to issues resolved by this PR]

Types of changes

What type of change does this pull request make (put an x in the boxes that apply)?

  • Bug fix (non-breaking change that fixes an issue).
  • New feature added (non-breaking change that adds functionality).
  • Breaking change (fix or feature that would cause existing functionality to stop working as expected).
  • Documentation update.
  • Something else (e.g., tests, scripts, example, deployment, infrastructure).

Checklist

Put an x in the boxes that apply:

  • I have read the CONTRIBUTING guide
  • Checks and tests pass locally

If applicable

  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that code coverage does not decrease
  • I have added/updated the documentation

Further comments

[if this is a relatively large or complex change, kick off a discussion by explaining why you chose the solution you did, what alternatives you considered, etc...]

@pbukva
fix: Fix for the ASA-2025-004 vulnerability in IBC module
7a16522 
Resolves the "ASA-2025-004: Non-deterministic JSON Unmarshalling
of IBC Acknowledgement can result in a chain halt" vulnerability,
see the link below for details:
GHSA-jg6f-48ff-5xrw
@pbukva pbukva self-assigned this Mar 17, 2025
@github-actions GitHub Actions
Copy link

Visit the preview URL for this PR (updated for commit 7a16522):

https://fetch-docs-preview--pr419-fix-asa-2025-004-v1wmwf83.web.app

(expires Sat, 22 Mar 2025 14:14:55 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: f2de39fd4e81249941960b74fbab0a62d90d69f8

MissingNO57
MissingNO57 approved these changes Mar 17, 2025
View reviewed changes
Copy link
Contributor

@MissingNO57 MissingNO57 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pbukva pbukva merged commit 644eddd into master Mar 17, 2025
4 checks passed
@pbukva pbukva deleted the fix/ASA-2025-004 branch March 17, 2025 14:33
@pbukva pbukva restored the fix/ASA-2025-004 branch March 17, 2025 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MissingNO57 MissingNO57 MissingNO57 approved these changes

@Jonathansumner Jonathansumner Awaiting requested review from Jonathansumner Jonathansumner is a code owner

Assignees

@pbukva pbukva

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pbukva @MissingNO57