Secret Network was just upgraded to version 1.14 following an expedited upgrade procedure.
The upgrade addressed the following vulnerability:
- CWA-2024-005: Stack overflow which can lead to crashes of the node process (High)
Also, in this upgrade we bumped ledger-cosmos-go from v0.12.2 to v0.12.4
The sources and binaries are available here: Release v1.14.0 · scrtlabs/SecretNetwork · GitHub
Essentially, the vulnerability could have led to network halt under certain conditions. We are not aware of any actual attempts to exploit this vulnerability.
The upgrade was successful, Secret Network is running fine.
Thanks to our wonderful validators for cooperation and patience. We will follow up on the validator comments about improving the expedited upgrade process and make it more convenient next time.
Congrats to Lab’s core dev Ilya Raykker for his first Secret Upgrade!