Agoric-upgrade-13 security bulletin

sraph_agoric · December 28, 2023, 9:12pm

Upgrade-13 Security Bulletin

This bulletin highlights security improvements in the recent Agoric upgrade, agoric-upgrade-13.

Cosmos-SDK Advisory GHSA-qfc5-6r3j-jj22

The advisory pertains to the x/crisis module not causing chain halt in the event of an invariant violation.
Our mitigation is to remove the module in anticipation of deprecation in future releases. By removing we also remove the need to address a later advisory involving the x/crisis module failing to charge ConstantFee.

For a full list of changes that include non-security fixes, see the agoric-upgrade-13 release notes.

If you need to get in touch with the Agoric security team, do not hesitate to email us at security@agoric.com. Friendly reminder that we have a bug bounty and reward vulnerabilities reported to us via HackerOne.

Topic		Replies	Views
Agoric-upgrade-14 security bulletin Security	0	148	April 9, 2024
Agoric-upgrade-12 security bulletin Security	0	221	November 21, 2023
Agoric upgrade-15 security bulletin Security	0	122	May 15, 2024
Patched Security Vulnerability on the Agoric Network Security	0	273	September 28, 2023
Agoric Mainnet Update: Cosmos Barberry Patch Validators	2	337	June 12, 2023

Agoric-upgrade-13 security bulletin

Upgrade-13 Security Bulletin

Cosmos-SDK Advisory GHSA-qfc5-6r3j-jj22

Related Topics