rust-libp2p 输入验证错误漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Prior to version 0.49.3, rust-libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from the Gossipsub implementation accepting PRUNE evolutions controlled by attackers and potentiall...

Decay interval can be extended

Lines of code Vulnerability details Impact The half-life defined by MINUTEDECAYFACTOR can be extended from 12h up to 24h. Proof of Concept minutesPassed is truncated to the minute. This means that the actual time passed may be up to a minute more than calculated. updateLastFeeOpTime is used to on...