CVE-2020-15091

Name of the Vulnerable Software and Affected Versions TenderMint versions 0.33.0 through 0.33.5

Description The issue allows block proposers to include signatures for the wrong block, which can happen naturally if a network is started, run for some time, and then restarted without changing the chainID. A malicious block proposer, even with a minimal amount of stake, can use this to completely halt the network. The problem is fixed in TenderMint 0.33.6, which checks all signatures for the block with a 2/3+ majority before creating a commit. This vulnerability can also lead to a situation where proposers can claim that all other validators signed a block by including a CommitSig with arbitrary signature data, potentially impacting incentivization logic in applications that depend on the LastCommitInfo.

Recommendations For TenderMint versions 0.33.0 through 0.33.5, update to version 0.33.6 to fix the issue. As a temporary workaround, consider restricting the ability of block proposers to include signatures for the wrong block until a patch is available. Avoid using the vulnerable functionality in the affected API endpoints until the issue is resolved.