NKAbuse: A New Multiplatform Threat Exploiting the Blockchain Protocol

Summary: A novel malware called NKAbuse stands out as a new, Go-based, multi-platform threat. What makes this malware distinctive is its pioneering use of the peer-to-peer network connectivity protocol NKN New Kind of Network technology for data exchange. This utilization of NKN technology makes...

Design/Logic Flaw

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on ...

CVE-2023-34458 mx-chain-go's relayed transactions always increment nonce

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on ...

CVE-2023-34458 mx-chain-go's relayed transactions always increment nonce

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on ...

CVE-2023-34458 mx-chain-go's relayed transactions always increment nonce

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on ...

CVE-2023-34458

CVE-2023-34458 affects mx-chain-go, the official MultiversX blockchain implementation. When executing a relayed transaction, if the inner transaction failed, the inner sender nonce could be incremented, creating a potential limited DoS condition on a targeted account. The issue is resolved by a b...

CVE-2023-33964

mx-chain-go corresponds to MultiversX chain code. Before version 1.4.16, an invalid cross-shard miniblock caused by a wrong username on metachain was not handled correctly, potentially stopping notarization of shard blocks. The patch introduced processIfTxErrorCrossShard in the metachain transact...

CVE-2023-33964 mx-chain-go does not treat invalid transaction with wrong username correctly

mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor...