Cosmos Program Statistics



12 total issues disclosed

$21,500 total paid publicly

Most disclosed (3 disclosures) — None supplied



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Memory Exhaustion in CometBFT v1.0.1 via malicious ProposalMessage leads to network-wide denial of service | None supplied | 0xjam | No rating | 2026-01-20 |
| Economic DoS (Griefing) on IBC Relayers via `memo` Callback Gas Exploitation | Uncontrolled Resource Consumption | tychebe | High | 2025-12-18 |
| Making transfer v2 channel unupgradable through the forwarding | Business Logic Errors | unknown_feature | Low | 2025-06-30 |
| Replacing ICA active channel during the upgrade and a bit more | Business Logic Errors | unknown_feature | Low | 2025-06-30 |
| Unauthorized coins transfer from locking account(s) | Improper Access Control - Generic | unknown_feature | Critical | 2025-06-29 |
| Groups module can halt chain when handling a proposal with malicious group weights | None supplied | vakzz | High | 2025-04-23 |
| Attacker can use any non-enabled capability | Privilege Escalation | julianor | Low | 2025-01-15 |
| Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse | Buffer Over-read | l33thaxor | No rating | 2024-11-19 |
| RCE and DoS in Cosmovisor | Code Injection | strikeout | Medium | 2023-10-10 |
| Circuit Breaker Authorization Issue | Improper Access Control - Generic | strikeout | Medium | 2023-09-18 |
| Unclaimed official s3 bucket of tendermint(tendermint-packages) which is used by many other blockchain companies in their code | Business Logic Errors | gaurav-bhatia | Low | 2023-02-15 |
| Race condition in faucet when using starport | None supplied | cyberboy | Critical | 2022-07-26 |