Referendum #393
Treasury #568

Finding and fixing a vulnerability in broker-pallet

Treasury
0 Comments
Awarded

The new broker pallet, responsible for handling the Coretime procurement logic, had a vulnerability that allowed users to assign Coretime they no longer owned. This is, obviously, quite problematic.

The issue is described in more detail here: https://github.com/paritytech/polkadot-sdk/pull/2811

This is a small tip request for finding reporting and fixing the issue.

Reply
Up
Share
  • Metadata
  • Timeline2
Comments
No comments here