13 matches found
EUVD-2023-42478
Malicious code in bioql PyPI...
Improper Input Validation
@fuel-ts/account is vulnerable to Improper Input Validation. The vulnerability is caused due to the fund function in fuels-ts/packages/account/src/account.ts which gets the needed resources statelessly with the function getResourcesToSpend without taking into consideration already used UTXOs. Thi...
GHSA-3JCG-VX7F-J6QF The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Brief/Intro The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The Typescript SDK provides the fund function which retrieves UTXOs, which belong to the owner and can be used to fund t...
CVE-2024-41945
fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the fund function in...
CVE-2024-41945
The fuels-ts vulnerability centers on the fund function in fuels-ts/packages/account/src/account.ts, which gathers needed UTXOs using getResourcesToSpend without excluding already used UTXOs. This stateless approach can yield inputs that become invalid within the same block, causing transactions ...
CVE-2023-38701
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...
Design/Logic Flaw
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...
CVE-2023-38701
CVE-2023-38701 (Hydra) affects Hydra’s head protocol on Cardano. Before v0.12.0, the commit validator and the initial validator contain a flawed check when the ViaAbort redeemer is used, allowing any user to arbitrarily spend UTxOs at the validator. This enables an attacker to steal funds users c...
CVE-2023-38701 Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...
CVE-2023-38701 Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...
CVE-2023-38701 Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...
MAL-2022-1610 Malicious code in block-utxos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e70c6a7180039569d10a362b93afb6e7327163558b46d4e3605503c9a4459596 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in block-utxos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e70c6a7180039569d10a362b93afb6e7327163558b46d4e3605503c9a4459596 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...