Dependency management and vulnerability assessment
During the audit, we evaluated all external dependencies integrated into the product to confirm that they were secure and up to date, with a key focus on the Cosmos SDK used by the Babylon chain.
We identified that the Babylon chain uses Cosmos SDK version 0.50.9, as verified in the go.mod file at the audited commit.
However, version 0.50.9 of the Cosmos SDK is affected by a documented security advisory, GHSA-8wcc-m6j2-qxvm, which poses potential risks to the integrity and security of the blockchain network.
At the start of the audit, the Babylon team was aware of this fact and was in the process of modifying some code to ensure compatibility with the latest version of the Cosmos SDK. By the end of the audit, the upgrade to version v0.50.12 had been completed.
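As an added example (not part of the audit report or of Babylon's code), the following Go checker resolves the Cosmos SDK tag a build would actually use from go.mod, honouring a single-line replace directive that overrides the require entry, and compares it against a minimum tag. The go.mod excerpts are constructed, and using v0.50.12 as the lower bound is an assumption taken from the upgrade noted above.

```go
package main

import (
	"strconv"
	"strings"
)

// Constructed go.mod excerpts, not Babylon's real file; the second one pins
// the SDK through a replace directive, which overrides the require entry.
const goModRequireOnly = "module example.com/chain\n\nrequire (\n" +
	"\tgithub.com/cosmos/cosmos-sdk v0.50.9 // indirect\n)\n"
const goModWithReplace = goModRequireOnly +
	"replace github.com/cosmos/cosmos-sdk => github.com/cosmos/cosmos-sdk v0.50.12\n"

// EffectiveVersion returns the tag a build actually uses for module: the
// single-line replace target if present, else the require entry. It returns ""
// when a replace points at a local path, which has no tag and needs manual review.
func EffectiveVersion(goMod, module string) string {
	required, replaced, inRequire := "", "", false
	for _, line := range strings.Split(goMod, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 0:
		case f[0] == ")":
			inRequire = false
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inRequire = true
		case len(f) >= 2 && inRequire && f[0] == module:
			required = f[1] // trailing "// indirect" comments come after the tag
		case len(f) >= 4 && f[0] == "replace" && f[1] == module:
			// "replace old [vX] => new vY" or "replace old => ./path"
			if replaced = f[len(f)-1]; !strings.HasPrefix(replaced, "v") || strings.Contains(replaced, "/") {
				return "" // path replace: no tag to compare
			}
		}
	}
	if replaced != "" {
		return replaced
	}
	return required
}

// VersionLess reports a < b for vMAJOR.MINOR.PATCH tags; a pre-release suffix
// is dropped, so v0.50.9-rc1 compares equal to v0.50.9.
func VersionLess(a, b string) bool {
	x, y := nums(a), nums(b)
	return x[0] < y[0] || x[0] == y[0] && (x[1] < y[1] || x[1] == y[1] && x[2] < y[2])
}

func nums(v string) (out [3]int) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "-") // drop pre-release suffix
	for i, p := range strings.SplitN(v, ".", 3) {
		out[i], _ = strconv.Atoi(p)
	}
	return out
}
```

Run `VersionLess(EffectiveVersion(goMod, "github.com/cosmos/cosmos-sdk"), "v0.50.12")` against the real go.mod at the audited commit; an empty result means the SDK is pulled from a path or fork and the checkout itself must be inspected.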