18 matches found
CVE-2026-59695
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59694
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252
The CVE-2026-59252 entry describes a missing gas_limit validation in ZenHive mpp when configured as a fee payer (fee_payer: true). The MPP.Methods.Tempo payment method co-signs and broadcasts a client-supplied EVM transaction without ensuring the client-supplied gas_limit is sufficient, allowing ...
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
EUVD-2026-45160
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59694
CVE-2026-59694 affects ZenHive mpp (Elixir library) when configured as the fee payer. The issue occurs in MPP.Tempo.Transaction.cosign_fee_payer/3, which re-signs client-supplied base fields of the 0x76 AASigned envelope verbatim, including the EIP-2930 access list, without validating length or c...
CVE-2026-59694
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59695
Vulnerability summary (CVE-2026-59695). The ZenHive mpp Elixir library, when configured as a fee payer (fee_payer: true), is vulnerable to an unauthenticated remote client that can drain the fee-payer wallet in a single request. The root cause is improper validation in MPP.Tempo.Transaction.cosig...
CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59695
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
EUVD-2026-45158
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities
Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...
mpp has multiple payment bypass and griefing vulnerabilities
Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...
GHSA-X442-M7CC-HR92 kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy
Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...
kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy
Summary When inner CPI instructions use instruction types not recognized by Kora's parser including Token-2022 extension instructions like ConfidentialTransfer, TransferFeeExtension::WithdrawWithheldTokens, etc., they are reconstructed as stub instructions with empty accounts and empty data. Thes...