For Mainnet's v28 update, the only change being made is an update from Cosmos SDK v0.50.12 -> v0.50.13. A small TON related change is also included in the v29 update for our Testnet. For more information on the Cosmos SDK vulnerability, please see their security advisory here: [ISA-2025-002: x/group can halt when erroring in EndBlocker](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-47ww-ff84-4jrg)
Additional Critical Information: - Due to the low difficulty required to exploit this vulnerability, please apply the updates as soon as you can safely do so. - Validator operators, if the chain does halt before we reach 2/3 voting power, please install the updated binary swiftly to restore the network. - Guidance from the cosmos/cosmos-sdk release page states: - This patch is not state-breaking, so chains can upgrade in a rolling manner. This does not have to be a coordinated upgrade. - However, validators should upgrade as soon as possible when the release is made available. - If the vulnerability is exploited before 2/3 is patched, the chain will halt.
Posted Mar 12, 2025 - 22:55 UTC
This scheduled maintenance affected: Testnet (ZetaChain Testnet) and Mainnet (ZetaChain Mainnet).