Lucene search

28 matches found

NVD
added 2021/04/15 10:15 p.m. · 6 views

CVE-2021-21405

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

CVSS 7.5 · EPSS 0.00172
Exploits: 1 · References: 3

Prion
added 2021/04/15 10:15 p.m. · 34 views

Design/Logic Flaw

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

CVSS 5 · AI score 7.6 · EPSS 0.00172
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2021/04/15 9:35 p.m. · 12 views

CVE-2021-21405 BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

CVSS 5.9 · AI score 7.8 · EPSS 0.00172
Exploits: 1 · References: 3

CVE
added 2021/04/15 9:35 p.m. · 85 views

CVE-2021-21405

CVE-2021-21405 concerns Lotus, a Go implementation of the Filecoin protocol. The issue arises from BLS signature validation that uses the blst VerifyCompressed method, which accepts signatures in two forms: “serialized” and “compressed.” Because the block header CID embeds the BlockSig, Lotus pre...

CVSS 7.5 · AI score 6.6 · EPSS 0.00172
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2021/04/15 12:0 a.m. · 2 views

Łukasz Magiera lotus data forgery vulnerability

Łukasz Magiera lotus is an open source application by Łukasz Magiera. It is an implementation of the Filecoin distributed storage network. Lotus has a security vulnerability. The Lotus block validation function performs a uniqueness check on the supplied block...

CVSS 7.5 · AI score 7.2 · EPSS 0.00172
Exploits: 1 · References: 4

Positive Technologies
added 2021/04/15 12:0 a.m. · 2 views

PT-2021-14482 · Unknown +2 · Filecoin-Ffi +2

Name of the Vulnerable Software and Affected Versions: Lotus affected versions not specified

Description: The issue concerns BLS signature validation in Lotus, which uses the blst library method VerifyCompressed. This method accepts signatures in two forms: serialized and compressed, allowing BLS...

CVSS 7.5 · AI score 6.7 · EPSS 0.00172
Exploits: 1 · References: 9

Kitploit
added 2021/03/03 8:30 p.m. · 154 views

Teatime - An RPC Attack Framework For Blockchain Nodes

Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a large variety of issues, ranging from information leaks to open accounts, and configuration manipulation. The goal is to enable tools scanning for vulnerable nodes and minimizing...

AI score 7.1
Exploits: 0 · References: 1

vulnersOsv
added 2021/01/04 12:0 p.m. · 6 views

bellperson (>=0.3.4 <=0.15.0), ff-cl-gen (>=0.1.0 <=0.3.0) +10 more potentially affected by CVE-2021-25908 via fil-ocl (=0.19.6)

fil-ocl CARGO version =0.19.6 is affected by a known vulnerability. The following packages have a transitive dependency on fil-ocl and may be impacted: - bellperson =0.3.4, =0.1.0, =5.0.0, =5.0.0, =2.3.0, =0.1.0, =0.1.0, =5.0.0, =5.4.0, =5.0.0, =5.0.0, =0.1.1, =0.1.2 Source cves: CVE-2021-25908...

CVSS 7.5 · AI score 7.1 · EPSS 0.00334
Exploits: 1