2 matches found
CVE-2023-42806 Snapshot signature not including HeadID will allow replay attacks
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsf{cid}$ allows an attacker, who must be a participant of this head, to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...
Hydra Data Forgery Issue Vulnerability
Hydra is a penetration testing tool. A data forgery vulnerability exists in versions prior to Hydra 0.13.0. It allows an attacker to conduct replay attacks by using snapshot signatures that do not include a HeadID...