How the Mentioned CVE Works:
The vulnerability arises in the Inter-Blockchain Communication (IBC) protocol's deserialization of acknowledgements. Specifically, JSON unmarshalling of IBC acknowledgements in IBC-Go, an upstream dependency used by cheqd-node, is non-deterministic, which leads to inconsistent state transitions. An attacker exploiting this flaw can introduce malformed acknowledgements into the chain, causing validators to interpret the data differently. This inconsistency can result in a chain halt, as validators fail to reach consensus due to divergent states. The issue is particularly critical because any user capable of opening an IBC channel can trigger this vulnerability, making it a high-risk attack vector for blockchain networks relying on IBC-Go.
DailyCVE Form:
Platform: cheqd-node
Version: < v3.1.7
Vulnerability: Non-deterministic JSON Unmarshalling
Severity: Critical
Date: Mar 11, 2025
What Undercode Say:
Exploitation:
- Exploit Vector: An attacker opens an IBC channel and sends malformed acknowledgements.
- Payload Example: Crafted JSON data with inconsistent formatting to trigger non-deterministic unmarshalling.
- Impact: Chain halt due to validators failing to reach consensus.
Protection:
- Upgrade: Validators and full nodes must upgrade to cheqd-node v3.1.7.
- Patch Validation: Verify the fix by testing IBC acknowledgements in a testnet environment.
- Monitoring: Implement monitoring for IBC channel activity to detect anomalies.
Commands:
1. Upgrade Command:
git checkout v3.1.7
make install
2. Testnet Deployment:
cheqd-noded start --testnet
3. Log Monitoring:
journalctl -u cheqd-noded -f
Code Snippets:
1. Patch Verification:
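import (
	"encoding/json"
	"testing"
)

// TestIBCAcknowledgement checks that a well-formed acknowledgement unmarshals without error.
func TestIBCAcknowledgement(t *testing.T) {
	ack := `{"result":"success"}` // Valid acknowledgement
	var result map[string]interface{}
	if err := json.Unmarshal([]byte(ack), &result); err != nil {
		t.Fatalf("Unmarshalling failed: %v", err)
	}
}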
2. Exploit Simulation:
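import (
	"encoding/json"
	"fmt"
)

// ExploitNonDeterministicUnmarshalling passes syntactically invalid JSON to json.Unmarshal.
// encoding/json rejects this input with a syntax error, which is printed below.
func ExploitNonDeterministicUnmarshalling() {
	malformedAck := `{"result":}` // Malformed JSON
	var result map[string]interface{}
	if err := json.Unmarshal([]byte(malformedAck), &result); err != nil {
		fmt.Println("Exploit triggered:", err)
	}
}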
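An added example, not code from cheqd-node or ibc-go: one way to make acknowledgement decoding deterministic is to accept only bytes that re-encode to exactly themselves, so every validator derives the same value from the same input. The `Ack` type, `DecodeAckStrict` and the sample inputs are constructed for illustration and assume an acknowledgement that carries exactly one of `result` or `error`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Ack is a simplified stand-in for an IBC acknowledgement (assumption:
// exactly one of "result" or "error" is set; this is not the ibc-go type).
type Ack struct {
	Result []byte `json:"result,omitempty"`
	Error  string `json:"error,omitempty"`
}

// DecodeAckStrict accepts raw only if it is the single canonical encoding
// of an Ack, so every node derives the same value from the same bytes.
func DecodeAckStrict(raw []byte) (Ack, error) {
	var ack Ack
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&ack); err != nil {
		return Ack{}, fmt.Errorf("decode: %w", err)
	}
	if _, err := dec.Token(); err != io.EOF {
		return Ack{}, errors.New("trailing data after acknowledgement")
	}
	if (len(ack.Result) == 0) == (ack.Error == "") {
		return Ack{}, errors.New("need exactly one of result or error")
	}
	canonical, err := json.Marshal(ack)
	if err != nil {
		return Ack{}, err
	}
	if !bytes.Equal(canonical, raw) {
		return Ack{}, errors.New("non-canonical encoding")
	}
	return ack, nil
}

func main() {
	// Constructed sample inputs, not captured from any chain.
	for _, s := range []string{`{"result":"AQ=="}`, `{"result":"AQ==","result":"Ag=="}`, `{"result":"AQ==", "error":"x"}`, `{ "result":"AQ==" }`} {
		_, err := DecodeAckStrict([]byte(s))
		fmt.Printf("%-36s accepted=%v err=%v\n", s, err == nil, err)
	}
}
```

Only the first sample is accepted; the duplicate-key, two-field and whitespace variants are rejected before they can influence state.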
Analytics:
- Affected Chains: Any blockchain using IBC-Go with cheqd-node < v3.1.7.
- Risk Level: Critical due to potential chain halt.
- Mitigation Rate: High, as upgrading to v3.1.7 resolves the issue without state-breaking changes.
Recommendations:
1. Immediate Action: Upgrade to cheqd-node v3.1.7.
2. Post-Upgrade Testing: Validate IBC channel functionality.
3. Community Alert: Notify validators and relayers to ensure widespread adoption of the patch.
References:
Reported By: https://github.com/advisories/GHSA-33cr-m232-xqch