The Juno network has been halted following a non-deterministic block

A malicious smart contract was uploaded on the Juno blockchain roughly five hours ago, according to core team members from the project. Although malicious contracts are often uploaded on blockchains, this one seems to be exploiting a bug on the network as it resulted in making validators unable to come to a consensus immediately thereafter.

Juno remains halted at block 4,136,531 since the bug is related to the network's Authz module which was fixed in the Cosmos SDK's 0.46.x version. Due to changes in this version, Juno cannot simply upgrade its state but needs a hard fork including the security update.

The Juno team states it’s working on understanding and fixing the bug, during which the chain will remain halted. All user funds are said to be safe while the team ensures that the patch they are working on is addressing the vulnerability fully. No more details are shared at the time of writing this article, but updates are promised for the upcoming hours.

The last time the Juno network was halted happened in April 2022, when just before the release of the network’s update called “Lupercalia” the blockchain’s validators went out of sync by being unable to reach a consensus resulting in a chain split. When the Juno community started working on restarting the chain and finding the root cause of the problem, it was discovered that a suspicious transaction calling a cosmwasm smart contract (Cosmwasm is a permissionless smart contract platform built for Cosmos blockchains) triggered the chain to split into 125 different networks. At the time, three vulnerabilities were found regarding cosmwasm contracts, all of which were patched timely and the chain restarted.