Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.
AnalysisAI
Timestamp manipulation in Nimiq Core Rust implementation (nimiq-blockchain 1.3.0 and earlier) allows authenticated block-producing validators to set arbitrarily future block timestamps, bypassing validation constraints and directly inflating the blockchain's monetary supply beyond the intended emission schedule through compromised Policy::supply_at() and batch_delay() reward calculations. The vulnerability exploits absent upper-bound wall-clock validation in non-skip and skip block timestamp verification logic, enabling integrity compromise of the blockchain's economic model. No public exploit identified at time of analysis.
Technical ContextAI
Root cause is CWE-1284 (improper input validation) in block timestamp validation logic. Validation enforces timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but omits maximum bound checking against system wall clock. Malicious validators exploit this to inject future-dated timestamps, poisoning reward computation functions in blockchain/src/reward.rs module.
RemediationAI
Vendor-released security advisory available at https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-49xc-52mp-cc9j. Upgrade to patched version specified in GitHub advisory immediately. No patched version number independently confirmed in available data; consult vendor advisory for exact fixed release. As interim mitigation, restrict block-producing validator privileges to trusted entities only and implement monitoring for abnormal timestamp deltas between consecutive blocks exceeding expected network drift thresholds. Organizations running validator nodes should audit historical block timestamps for anomalies indicative of prior exploitation and validate total supply calculations against canonical emission schedule. No effective workaround exists without source-level validation enforcement; deployment of vendor patch is mandatory for production blockchain networks.
More in Core Rs Albatross
View allInteger truncation in Nimiq core-rs-albatross's skip block proof verification allows authenticated validators to forge c
Nimiq core-rs-albatross validators prior to version 1.3.0 can be remotely crashed via malformed Tendermint proposals. An
Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic de
Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sendi
Panic-triggered denial of service in Nimiq's core-rs-albatross (versions prior to 1.4.0) allows a network-level attacker
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21146
GHSA-49xc-52mp-cc9j