This bulletin highlights security improvements in the recent Agoric upgrade, agoric-upgrade-13.
- The advisory pertains to the x/crisis module not causing chain halt in the event of an invariant violation.
- Our mitigation is to remove the module in anticipation of deprecation in future releases. By removing we also remove the need to address a later advisory involving the x/crisis module failing to charge ConstantFee.
For a full list of changes that include non-security fixes, see the agoric-upgrade-13 release notes.
If you need to get in touch with the Agoric security team, do not hesitate to email us at email@example.com. Friendly reminder that we have a bug bounty and reward vulnerabilities reported to us via HackerOne.