
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
The vulnerability (GHSA-r9rv-9mh8-pxf4) affects Nervos CKB versions <= 0.33.0, in which nodes incorrectly handle blocks with future timestamps. The issue was discovered and disclosed on July 3, 2020, and affects the Nervos CKB blockchain network. It concerns how nodes process blocks whose timestamps are more than 15 seconds ahead of the local wall clock (GitHub Advisory).
When a node receives a block with a timestamp more than 15 seconds ahead of its current time, it incorrectly marks the block as invalid and bans the peer that provided it. This behavior occurs even though such blocks could become valid in the future. The vulnerability was rated as Moderate severity and was patched in version 0.33.1 (GitHub Advisory).
The main impact of this vulnerability is potential network partitioning. An attacker could exploit this behavior to split the network by mining blocks right at the 15-second boundary, causing nodes to ban legitimate peers and disrupt network connectivity (GitHub Advisory).
The issue was fixed in version 0.33.1 by changing the behavior so that peers serving blocks with future timestamps are no longer banned. Users should upgrade to version 0.33.1 or above. As a workaround, nodes can be configured to not ban peers that serve blocks with timestamps too far ahead (GitHub Advisory).
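The following added example (not CKB's own code) models why the ban decision matters: two nodes whose clocks differ slightly reach different verdicts on the same block, and only the pre-0.33.1 policy turns that disagreement into a peer ban. All type and function names, the `pow_ok` flag and the timestamps are hypothetical; only the 15-second allowance and the before/after behavior come from the advisory summary above.

```rust
// Added illustration; all names are hypothetical, not CKB's own code.
const MAX_FUTURE_MS: u64 = 15_000; // 15-second allowance stated in the advisory

#[derive(Debug, PartialEq)]
enum Verdict {
    Accept,
    /// Timestamp is ahead of the local clock; the block may become valid later.
    TooNew,
    /// Fails a rule that time cannot fix (constructed stand-in: a `pow_ok` flag).
    Invalid,
}

#[derive(Debug, PartialEq)]
enum PeerAction { Keep, Ban }

fn verify(block_ts_ms: u64, now_ms: u64, pow_ok: bool) -> Verdict {
    if !pow_ok {
        return Verdict::Invalid;
    }
    if block_ts_ms > now_ms.saturating_add(MAX_FUTURE_MS) {
        return Verdict::TooNew;
    }
    Verdict::Accept
}

/// Behavior described for versions <= 0.33.0: any rejection bans the sender.
fn peer_action_before(v: &Verdict) -> PeerAction {
    match v {
        Verdict::Accept => PeerAction::Keep,
        Verdict::TooNew | Verdict::Invalid => PeerAction::Ban,
    }
}

/// Behavior described for 0.33.1: a future timestamp does not ban the sender.
fn peer_action_after(v: &Verdict) -> PeerAction {
    match v {
        Verdict::Invalid => PeerAction::Ban,
        Verdict::Accept | Verdict::TooNew => PeerAction::Keep,
    }
}

fn main() {
    // Constructed scenario: one block seen by two nodes whose clocks differ by 200 ms.
    let block_ts = 1_000_015_100;
    for now in [1_000_000_000u64, 1_000_000_200] {
        let v = verify(block_ts, now, true);
        println!("now={now} {v:?} before={:?} after={:?}", peer_action_before(&v), peer_action_after(&v));
    }
}
```

The node with the later clock accepts and relays the block; under the old policy the node with the earlier clock then bans that honest peer, which is the partition risk the advisory describes.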
Source: This report was generated using AI