CVE

GHSA-m6wq-66p2-c8pc

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers

CVE

GHSA-m6wq-66p2-c8pc

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers

Summary

A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the block_hash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babylon then dereferences this nil pointer in consensus-critical code paths (notably VerifyVoteExtension, and also proposal-time vote verification), causing a runtime panic.

Impact

Intermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block.

Finder

Vulnerability discovered by:

@GrumpyLaurie55348

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

Related Resources

No items found.

References

https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-m6wq-66p2-c8pc, https://github.com/babylonlabs-io/babylon/commit/f79ad58c1d5bcab3451cb7a47c91e713935917d7, https://github.com/babylonlabs-io/babylon

Severity

0

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

EPSS Percentile

Introduced Version

Fix Available

4.2.0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-m6wq-66p2-c8pc