CVE-2025-48886 hydra-node dangerously assumes L1 event finality and does not consider failed transactions

Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those...

CVE-2023-42806

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...