Impact
Chains running any of the following packet-forward-middleware versions are subject to potential chain-halt due to error non-determinism:
v4.1.0
v5.2.0
v6.1.0
Strangelove has already begun disclosure by contacting impacted parties. If you have not been contacted, you are likely not impacted.
This issue was reported by the Osmosis team via the Cosmos HackerOne Program, which now includes rewards for valid bugs reported in the Packet Forward Middleware repository. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
Patches
Please patch at your earliest convenience by applying one of the following patch versions, respective to the chain's ibc-go major version:
v4.1.1
v5.2.1
v6.1.1
More details coming soon...
Impact
Chains running any of the following packet-forward-middleware versions are subject to potential chain-halt due to error non-determinism:
v4.1.0
v5.2.0
v6.1.0
Strangelove has already begun disclosure by contacting impacted parties. If you have not been contacted, you are likely not impacted.
This issue was reported by the Osmosis team via the Cosmos HackerOne Program, which now includes rewards for valid bugs reported in the Packet Forward Middleware repository. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
Patches
Please patch at your earliest convenience by applying one of the following patch versions, respective to the chain's ibc-go major version:
v4.1.1
v5.2.1
v6.1.1
More details coming soon...