CVE-2023-38701

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

Design/Logic Flaw

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

Hydra Input Validation Error Vulnerability

Hydra is a penetration testing tool. An input validation error vulnerability exists in versions of Hydra prior to 0.12.0, which stems from the commit validator containing a flawed check when using the ViaAbort converter, which allows any user to arbitrarily spend any UTxO on the validator, meanin...

PT-2023-26566 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to 0.12.0 Description: Hydra is a layer-two scalability solution for Cardano. The issue arises when the ViaAbort redeemer is used in the commit validator, allowing any user to spend any UTxO arbitrarily, which means an...