Add cosmwasm-vm advisory CWA-2024-004 (#2034)
* Add CWA-2024-004

* Fix GHSA
chipshort authored Aug 8, 2024
1 parent 9d024c0 commit c97d3fd
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions crates/cosmwasm-vm/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "cosmwasm-vm"
date = "2024-08-08"
url = "https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-004.md"
categories = ["denial-of-service"]
keywords = ["resource-consumption"]
aliases = ["GHSA-rg2q-2jh9-447q"]

[versions]
patched = [">= 1.5.6, < 2.0.0", ">= 2.0.5, < 2.1.0", ">= 2.1.2"]
```

# CWA-2024-004: Gas mispricing in cosmwasm-vm

Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of ~10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain.

For more information, see [CWA-2024-004](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-004.md).
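
Review bot: the `[versions]` table lists only `patched` ranges and no `unaffected` entry, so every cosmwasm-vm release below 1.5.6 will be reported as vulnerable. If the mispriced gas costs were introduced in a specific release, add an `unaffected` range for the versions before it; if all earlier releases are affected, a short sentence in the description saying so would settle the question for readers. In the description paragraph, "our benchmarks" and "the gas target we defined" are in the CosmWasm maintainers' voice, which reads ambiguously once the text sits in the RustSec database; naming the project there would help. The description also states the impact but not the remediation, so consider a closing line telling users to upgrade to one of the patched versions listed in `patched`.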
