Babylon, Denial-of-Service Vulnerability, CVE-2025-XXXXX (High Severity)

How the CVE Works

The vulnerability occurs when transactions with fees not denominated in Babylon’s native genesis token (`ubbn`) are processed. The `x/distribution` module’s `BeginBlocker` encounters a panic due to an error in fee allocation logic, specifically when transferring fees from the `feeCollector` to the distribution module. This panic halts the chain entirely, causing a Denial-of-Service (DoS) condition. The issue stems from improper validation of fee denominations in the Cosmos SDK’s distribution keeper logic (reference: `x/distribution/keeper/allocation.go`, line 28).

DailyCVE Form

Platform: Babylon
Version: Pre-v1.2.0
Vulnerability: Chain halt
Severity: High
Date: Jun 28, 2025

Prediction: Patch by Jul 15, 2025

What Undercode Say

```bash
grep -r "feeCollector" cosmos-sdk/x/distribution/
go test -v -run TestDistributionPanic ./x/distribution/keeper
```

How Exploit

1. Send transaction with non-`ubbn` fee.

2. Trigger `BeginBlocker` panic.

3. Chain halts.

Protection from this CVE

1. Upgrade to patched version.

2. Enforce `ubbn`-only fees.
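The "`ubbn`-only fees" rule above can be expressed as an admission check on a transaction's fee string. The following is an added example, not code from Babylon or the Cosmos SDK: it uses only the Go standard library, and `ValidateFee`, `NativeFeeDenom` and the sample fee strings are hypothetical names and constructed inputs.

```go
package main

import (
	"fmt"
	"math/big"
	"regexp"
	"strings"
)

// NativeFeeDenom is the only fee denomination accepted (from the page: ubbn).
const NativeFeeDenom = "ubbn"

// coinRe matches one "<amount><denom>" pair, e.g. "1000ubbn".
var coinRe = regexp.MustCompile(`^([0-9]+)([a-zA-Z][a-zA-Z0-9/:._-]{2,127})$`)

// ValidateFee rejects a comma-separated fee string if any coin is malformed,
// has a zero amount, or uses a denom other than NativeFeeDenom.
// Hypothetical helper for illustration; an empty fee carries no foreign
// denom and is accepted here (minimum-fee policy is a separate check).
func ValidateFee(fee string) error {
	if strings.TrimSpace(fee) == "" {
		return nil
	}
	for _, part := range strings.Split(fee, ",") {
		m := coinRe.FindStringSubmatch(strings.TrimSpace(part))
		if m == nil {
			return fmt.Errorf("malformed fee coin %q", part)
		}
		// The regex guarantees m[1] is all digits, so SetString succeeds.
		amt, _ := new(big.Int).SetString(m[1], 10)
		if amt.Sign() <= 0 {
			return fmt.Errorf("zero fee amount in %q", part)
		}
		if m[2] != NativeFeeDenom {
			return fmt.Errorf("fee denom %q not allowed, only %q", m[2], NativeFeeDenom)
		}
	}
	return nil
}

func main() {
	// Constructed sample fee strings.
	for _, fee := range []string{"1000ubbn", "5uatom", "1000ubbn,5uatom", "0ubbn", ""} {
		fmt.Printf("%-18q -> %v\n", fee, ValidateFee(fee))
	}
}
```

A mixed fee such as `1000ubbn,5uatom` is rejected as a whole, since a single foreign coin is enough to reach the fee collector.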

Impact

Chain halt

DoS attack vector

Genesis disruption

Sources:

Reported By: github.com