3 matches found
CVE-2023-42448
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed Close transaction, but no such check appears to be...
CVE-2023-42448
CVE-2023-42448 describes a vulnerability in Hydra (Cardano) prior to version 0.13.0 where the contestation period in the head UTxO datum could be modified during the Close transaction because the checkClose path does not enforce the required deadline. This could let a malicious participant fanout...
CVE-2023-42448 Hydra's contestation period in head datum can be modified during Close transaction, allowing malicious participant to freely modify the contestation deadline
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed Close transaction, but no such check appears to be...