First published: Tue Jan 28 2025
A critical vulnerability was discovered in the `ismp-grandpa` crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers.

### Description

The vulnerability manifests as a verifier that only accepts incorrect signatures of Grandpa precommits. It was introduced in this [specific commit](https://github.com/polytope-labs/ismp-substrate/pull/64/commits/5ca3351a19151f1a439c30d5cbdbfdc72a11f1a8#diff-3835cc24fb2011b3e8246036059acd8c2c2a9a869eedf7a210d18edb6543318dL262), perhaps due to unfamiliarity with core Substrate APIs: the `if` statement should have included a negation check, similar to the previous code, but this was omitted, causing the verifier to **only** accept invalid signatures.

This vulnerability remained undetected even with [integration tests](https://github.com/polytope-labs/ismp-substrate/pull/64/commits/04d5be207b082eb61d586d52e1685e2e060347e6#diff-4aedbca82d26bebc03f274e23fd5697c3346ffff54405c87af9018f3aef708b2R1-R160), because the prover was also [misconfigured](https://github.com/polytope-labs/ismp-substrate/pull/64/commits/b26894913b301061b07db61af841ca2586415f08#diff-493a6129d75fe31185e28695a4d2adc1582fe9df12462e380fe994f170fc1e70L159) to initialize the Grandpa verifier with the incorrect authority `set_id`. This causes verification of honest precommit signatures to fail, as the message is now malformed, and since the verifier only accepts signatures or messages that fail the verification check, the tests did not catch it. Even more devastatingly, the verifier will also accept malicious GRANDPA signatures for any precommit message.

This vulnerability has been fixed in this [commit](https://github.com/polytope-labs/hyperbridge/pull/372/commits/f0e85db718f5165b06585a49b14a66f8ad643aea) and a patch release has been published.

### Impact

This could be used to steal funds or compromise other kinds of cross-chain applications.
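The failure mode described above is easier to see in code. The following is an added illustration, not code from `ismp-grandpa` or Hyperbridge: it models a precommit verifier whose rejection branch lost its negation (`if valid` instead of `if !valid`), beside the corrected form, and then runs both against the three cases the advisory mentions. The signature scheme is a constructed keyed-hash stand-in so the example runs without external crates (real GRANDPA precommits are ed25519-signed); `Verifier`, `SignedPrecommit`, `compare` and the key and hash constants are all assumed names and values. It also shows why a test that only feeds honest precommits through a verifier initialised with the wrong `set_id` passes against the buggy verifier and fails against the fixed one.

```rust
use std::collections::HashMap;

type SetId = u64;
type AuthorityId = u32;

/// Payload a GRANDPA-style voter signs. It commits to the block, the round
/// and the authority set id, so a verifier initialised with the wrong set_id
/// rebuilds a different message and honest signatures no longer verify.
fn signing_payload(block_hash: &[u8; 4], round: u64, set_id: SetId) -> Vec<u8> {
    let mut m = Vec::with_capacity(20);
    m.extend_from_slice(block_hash);
    m.extend_from_slice(&round.to_le_bytes());
    m.extend_from_slice(&set_id.to_le_bytes());
    m
}

/// Constructed stand-in for ed25519: a keyed 64-bit hash. It only models the
/// property "verifies iff key and message both match"; it is not a signature.
fn toy_sign(secret: u64, payload: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325 ^ secret;
    for b in payload {
        h ^= u64::from(*b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h
}

fn toy_verify(secret: u64, payload: &[u8], signature: u64) -> bool {
    toy_sign(secret, payload) == signature
}

struct SignedPrecommit {
    authority: AuthorityId,
    block_hash: [u8; 4],
    round: u64,
    signature: u64,
}

#[derive(Debug, PartialEq)]
enum Error {
    UnknownAuthority(AuthorityId),
    InvalidSignature(AuthorityId),
}

/// Light-client verifier state: the authority set it believes is current.
struct Verifier {
    set_id: SetId,
    authorities: HashMap<AuthorityId, u64>, // toy: authority -> verification key
}

impl Verifier {
    fn signature_is_valid(&self, pc: &SignedPrecommit) -> Result<bool, Error> {
        let key = self.authorities.get(&pc.authority)
            .ok_or(Error::UnknownAuthority(pc.authority))?;
        let payload = signing_payload(&pc.block_hash, pc.round, self.set_id);
        Ok(toy_verify(*key, &payload, pc.signature))
    }

    /// Shape of the vulnerable check: the negation is missing, so the branch
    /// that rejects fires exactly when the signature is valid.
    fn check_precommits_buggy(&self, precommits: &[SignedPrecommit]) -> Result<(), Error> {
        for pc in precommits {
            if self.signature_is_valid(pc)? {
                return Err(Error::InvalidSignature(pc.authority));
            }
        }
        Ok(())
    }

    /// Corrected check: reject when the signature does NOT verify.
    fn check_precommits_fixed(&self, precommits: &[SignedPrecommit]) -> Result<(), Error> {
        for pc in precommits {
            if !self.signature_is_valid(pc)? {
                return Err(Error::InvalidSignature(pc.authority));
            }
        }
        Ok(())
    }
}

const AUTHORITY_KEY: u64 = 0x0123_4567_89ab_cdef; // constructed
const BLOCK_HASH: [u8; 4] = [0xaa, 0xbb, 0xcc, 0xdd]; // constructed

/// One precommit for BLOCK_HASH, signed by the real authority under
/// `signer_set_id`, or with an unrelated key when `forged` is set.
fn make_precommit(signer_set_id: SetId, forged: bool) -> SignedPrecommit {
    let payload = signing_payload(&BLOCK_HASH, 1, signer_set_id);
    let key = if forged { 0x4141_4141_4141_4141 } else { AUTHORITY_KEY };
    SignedPrecommit { authority: 1, block_hash: BLOCK_HASH, round: 1, signature: toy_sign(key, &payload) }
}

/// Returns (buggy_accepts, fixed_accepts) for a verifier initialised with
/// `verifier_set_id` checking the precommit described by the other arguments.
fn compare(verifier_set_id: SetId, signer_set_id: SetId, forged: bool) -> (bool, bool) {
    let verifier = Verifier { set_id: verifier_set_id, authorities: HashMap::from([(1, AUTHORITY_KEY)]) };
    let pcs = [make_precommit(signer_set_id, forged)];
    (verifier.check_precommits_buggy(&pcs).is_ok(), verifier.check_precommits_fixed(&pcs).is_ok())
}

fn main() {
    println!("correct set_id, honest sig  (buggy, fixed) = {:?}", compare(7, 7, false));
    println!("wrong set_id,   honest sig  (buggy, fixed) = {:?}", compare(8, 7, false));
    println!("correct set_id, forged sig  (buggy, fixed) = {:?}", compare(7, 7, true));
}
```

The second case is the one that let the bug survive its integration tests: with the verifier initialised under the wrong `set_id`, the honest signature fails to verify, the buggy verifier accepts it, and a test that only asserts "honest precommits are accepted" goes green. A test suite for a signature verifier therefore needs both directions, accept-valid and reject-invalid (a forged signature, a wrong `set_id`), so that an inverted predicate cannot pass.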
### Patches

This vulnerability has been fixed in the latest version of `ismp-grandpa`, `v15.0.1`.

### Recommendations

Users who rely on the compromised versions must upgrade immediately, as all vulnerable versions of the crate have been yanked.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
rust/grandpa-verifier | <0.1.2 | 0.1.2 |
rust/grandpa-verifier-primitives | <0.1.2 | 0.1.2 |
rust/ismp-grandpa | <15.0.1 | 15.0.1 |
Hyperbridge ISMP-Grandpa | <15.0.1 | |
CVE-2025-24800 is classified as a critical vulnerability.
CVE-2025-24800 affects versions of the 'grandpa-verifier' and 'grandpa-verifier-primitives' crates below 0.1.2 and the 'ismp-grandpa' crate below 15.0.1.
To mitigate CVE-2025-24800, update 'grandpa-verifier' and 'grandpa-verifier-primitives' to version 0.1.2 and 'ismp-grandpa' to version 15.0.1.
CVE-2025-24800 is a security vulnerability that allows a malicious prover to deceive the verifier regarding the finality of headers.
A public security advisory for CVE-2025-24800 is available on GitHub.