From 29c1d4c1cf3edba0fbc1a97743188ba2bef5eed7 Mon Sep 17 00:00:00 2001
From: Hongrui Fang <chfanghr@gmail.com>
Date: Mon, 31 Oct 2022 21:39:57 +0800
Subject: [PATCH] update changelog

---
 CHANGELOG.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3769d56..70dbaee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,15 @@ This format is based on [Keep A Changelog](https://keepachangelog.com/en/1.0.0).
 
 ### Modified
 
+- Fix several vulnerabilities and bugs found in both proposal and governor scripts.
+
+  Including:
+
+  - Governor accepts fake stake UTxO, meaning that an attacker can DoS by
+    creating Proposals without passing the minimum GT limit.
+  - The proposal policy asserts that GST moves while minting PST, effectively
+    allowing attackers to create fake proposals.
+
 - Fix an exploit that allows arbitrary amount of SSTs to be minted. The attack is
   very similar to the GAT one. See also the discussion in
   [#202](https://github.com/Liqwid-Labs/agora/pull/202).