Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Moderate severity GitHub Reviewed Published Dec 8, 2025 in babylonlabs-io/babylon • Updated Dec 9, 2025
| Package | Affected versions |
| --- | --- |
| gomod github.com/babylonlabs-io/babylon (Go) | <= 1.1.0 |
| gomod github.com/babylonlabs-io/babylon/v2 (Go) | |
| gomod github.com/babylonlabs-io/babylon/v3 (Go) | <= 3.0.0-snapshot.250805a |
| gomod github.com/babylonlabs-io/babylon/v4 (Go) | |
Summary
A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis ("phantom stake") even after they have fully unbonded their BTC delegation, if their Finality Provider (FP) drops out of the active set at the exact same Babylon block height. This creates a "phantom stake": the delegator's BTC capital is withdrawn and the FP is inactive, but costaking continues to treat the delegation as active BTC stake, allowing ongoing reward accrual without backing BTC.
Impact
An address can keep earning costaking rewards with zero BTC staked.
Reported by @BottyBott.
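The same-block edge case described in the summary, as an added illustration in Go that is not Babylon's code: a hypothetical, simplified costaking tracker whose event hooks (`MarkFPInactive`, `Unbond`, `SettleFPInactive`), their ordering within a block, and all names and amounts are assumptions. It contrasts conditional-delta accounting, which is left holding phantom ActiveSatoshis when the unbond and the FP's exit land in one block, with a per-delegation ledger that is order-independent, and it includes the invariant check (recorded ActiveSatoshis versus stake that actually backs it) an operator or auditor would want to run against a real state export.

```go
package main

import "fmt"

// Hypothetical model of costaking's per-delegator ActiveSatoshis accounting.
// Not Babylon's code: hooks, in-block ordering and names are assumptions.

// Delegation is one BTC delegation to a finality provider (FP).
type Delegation struct {
	Delegator string
	FP        string
	Sats      uint64
	Unbonded  bool
}

// Tracker is the costaking view of active BTC stake per delegator.
type Tracker struct {
	activeFPs   map[string]bool
	delegations []*Delegation
	ActiveSats  map[string]uint64      // per-delegator ActiveSatoshis
	counted     map[*Delegation]uint64 // per-delegation ledger of credited sats
	fixed       bool                   // true: ledger-based deductions
}

func NewTracker(fixed bool) *Tracker {
	return &Tracker{
		activeFPs:  map[string]bool{},
		ActiveSats: map[string]uint64{},
		counted:    map[*Delegation]uint64{},
		fixed:      fixed,
	}
}

// ActivateFP adds fp to the active set and credits its live delegations once.
func (t *Tracker) ActivateFP(fp string) {
	t.activeFPs[fp] = true
	for _, d := range t.delegations {
		if d.FP == fp && !d.Unbonded && t.counted[d] == 0 {
			t.ActiveSats[d.Delegator] += d.Sats
			t.counted[d] = d.Sats
		}
	}
}

// Delegate registers d and credits it if its FP is already active.
func (t *Tracker) Delegate(d *Delegation) {
	t.delegations = append(t.delegations, d)
	if t.activeFPs[d.FP] {
		t.ActiveSats[d.Delegator] += d.Sats
		t.counted[d] = d.Sats
	}
}

// MarkFPInactive records the active-set change at the start of a block; the
// costaking debit is deferred to SettleFPInactive at the end of the block,
// which is the assumed window that makes the same-block case special.
func (t *Tracker) MarkFPInactive(fp string) { t.activeFPs[fp] = false }

// Unbond processes a full BTC unbond of d.
func (t *Tracker) Unbond(d *Delegation) {
	d.Unbonded = true
	if t.fixed {
		// Ledger-based: remove exactly what was credited, whatever the FP state.
		t.ActiveSats[d.Delegator] -= t.counted[d]
		t.counted[d] = 0
		return
	}
	// Conditional delta: assumes an inactive FP's delegations were already debited.
	if t.activeFPs[d.FP] {
		t.ActiveSats[d.Delegator] -= d.Sats
	}
}

// SettleFPInactive debits the delegations of an FP that left the active set.
func (t *Tracker) SettleFPInactive(fp string) {
	for _, d := range t.delegations {
		if d.FP != fp {
			continue
		}
		if t.fixed {
			t.ActiveSats[d.Delegator] -= t.counted[d]
			t.counted[d] = 0
		} else if !d.Unbonded { // unbonded ones are assumed already debited
			t.ActiveSats[d.Delegator] -= d.Sats
		}
	}
}

// Phantom is the invariant check: per delegator, recorded ActiveSatoshis in
// excess of live delegations to currently active FPs.
func (t *Tracker) Phantom() map[string]uint64 {
	expected := map[string]uint64{}
	for _, d := range t.delegations {
		if !d.Unbonded && t.activeFPs[d.FP] {
			expected[d.Delegator] += d.Sats
		}
	}
	out := map[string]uint64{}
	for who, got := range t.ActiveSats {
		if got > expected[who] {
			out[who] = got - expected[who]
		}
	}
	return out
}

// SameBlockScenario: alice fully unbonds in the block in which her FP drops
// out of the active set. Returns the phantom sats left for alice.
func SameBlockScenario(fixed bool) uint64 {
	t := NewTracker(fixed)
	t.ActivateFP("fp1")
	alice := &Delegation{Delegator: "alice", FP: "fp1", Sats: 100_000} // constructed
	t.Delegate(alice)
	t.MarkFPInactive("fp1")   // BeginBlock N: active set changes
	t.Unbond(alice)           // tx in block N
	t.SettleFPInactive("fp1") // EndBlock N
	return t.Phantom()["alice"]
}

// SeparateBlocksScenario: the ordinary case, unbond before the FP's exit.
func SeparateBlocksScenario(fixed bool) uint64 {
	t := NewTracker(fixed)
	t.ActivateFP("fp1")
	alice := &Delegation{Delegator: "alice", FP: "fp1", Sats: 100_000} // constructed
	t.Delegate(alice)
	t.Unbond(alice)           // block N, FP still active
	t.MarkFPInactive("fp1")   // block N+1
	t.SettleFPInactive("fp1")
	return t.Phantom()["alice"]
}

func main() {
	fmt.Println("same block, conditional deltas:", SameBlockScenario(false))
	fmt.Println("same block, ledger:", SameBlockScenario(true))
	fmt.Println("separate blocks, conditional deltas:", SeparateBlocksScenario(false))
}
```

The design point is that a running total adjusted by conditional deltas is only correct if every hook agrees on who already debited a delegation; once two state changes can land in one block, that agreement breaks. Deriving ActiveSatoshis from a per-delegation ledger (or recomputing it from the delegation set, as `Phantom` does) removes the ordering dependence, and the recomputation doubles as a periodic invariant check for nodes and auditors.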
References
- GHSA-4rmq-mc2c-r495
- babylonlabs-io/babylon@e65c3a5
Published to the GitHub Advisory Database
Dec 9, 2025