A critical vulnerability was discovered in the Cosmos-SDK in October 2022 that affects versions v0.44.x, v0.45.x, and v0.46.x. A patch for this vulnerability was included as part of the official patches published for Dragonberry in v0.44.5-patch, v0.45.9, and v0.46.3. If you have already applied an official public patch release for Dragonberry, then you are also patched for Elderflower and no action is required. If not, please reach out to security@interchain.io for support in applying the patches immediately.
A retrospective on both Dragonberry and Elderflower with details about the exploits will be published together on Thursday December 15, 2022.
If you find a vulnerability, please disclose it responsibly via our bug bounty program: HackerOne