13 matches found
CVE-2026-42278
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
EUVD-2026-28526
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
CVE-2026-42278
CVE-2026-42278 affects UltraDAG (Rust) and specifically the SmartTransferTx policy enforcement path. Before commit fb6ef59, a transaction originating from a Pocket (a derived sub-address) could bypass spending controls because the pocket’s parent account wasn’t resolved before evaluating the spen...
CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
UltraDAG 访问控制错误漏洞
UltraDAG is a lightweight IoT blockchain developed by the UltraDAGcom team. Prior versions of UltraDAG had an access control vulnerability caused by a logical flaw in the policy execution pipeline implemented in SmartTransferTx. This flaw allowed the system to check expenditure policies without...
PT-2026-38662
Name of the Vulnerable Software and Affected Versions UltraDAG versions prior to commit fb6ef59 Description The StateEngine implementation of SmartTransferTx contains a logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address used to...
EUVD-2026-24179
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
CVE-2026-40583 UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
CVE-2026-40583 UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
CVE-2026-40583
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
CVE-2026-40583
UltraDAG (Rust, version 0.1) has a vulnerability where a non-council attacker can submit a signed SmartOp::Vote, passing signature/nonce/balance prechecks, but authorization fails only after state mutation has occurred. This leads to a fatal supply invariant halt per CVE-2026-40583. The issue is ...
UltraDAG 安全漏洞
UltraDAG is a lightweight IoT blockchain developed by the individual developers of UltraDAGcom. Version 0.1 of UltraDAG has security vulnerabilities. These vulnerabilities arise from the possibility for non-membership attackers to submit signed SmartOp::Vote transactions. These transactions under...