Cosmos - HackerOne Reports
Total Reports: 10
Critical: 2
High: 1
Medium: 2
Low: 4
Unclaimed official s3 bucket of tendermint (tendermint-packages) which is used by many other blockchain companies in their code
Reported by: gaurav-bhatia | Disclosed:
Low
Weakness: Business Logic Errors
Bounty: $400.00
Attacker can use any non-enabled capability
Reported by: julianor | Disclosed:
Low
Weakness: Privilege Escalation
Bounty: $2000.00
Making transfer v2 channel unupgradable through the forwarding
Reported by: unknown_feature | Disclosed:
Low
Weakness: Business Logic Errors
Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse
Reported by: l33thaxor | Disclosed:
Weakness: Buffer Over-read
Bounty: $2000.00
Replacing ICA active channel during the upgrade and a bit more
Reported by: unknown_feature | Disclosed:
Low
Weakness: Business Logic Errors
RCE and DoS in Cosmovisor
Reported by: strikeout | Disclosed:
Medium
Weakness: Code Injection
Unauthorized coins transfer from locking account(s)
Reported by: unknown_feature | Disclosed:
Critical
Weakness: Improper Access Control - Generic
Circuit Breaker Authorization Issue
Reported by: strikeout | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Race condition in faucet when using starport
Reported by: cyberboy | Disclosed:
Critical
Bounty: $5000.00
Groups module can halt chain when handling a proposal with malicious group weights
Reported by: vakzz | Disclosed:
High
Bounty: $15000.00