Vulnerability Report: GO-2025-4214
- GHSA-4rmq-mc2c-r495
- Affects: github.com/babylonlabs-io/babylon, github.com/babylonlabs-io/babylon/v2, and 2 more
- Published: Dec 15, 2025
- Unreviewed
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond in github.com/babylonlabs-io/babylon
For detailed information about this vulnerability, visit https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-4rmq-mc2c-r495.
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
-
all versions, no known fixed
-
all versions, no known fixed
-
before v4.2.0
Aliases
References
- https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-4rmq-mc2c-r495
- https://github.com/babylonlabs-io/babylon/commit/e65c3a55a398a403103f1b089cf76f0d4befc7a0
- https://vuln.go.dev/ID/GO-2025-4214.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.