Rs Soroban Sdk
Monthly
Function name collision in Rs Soroban SDK versions prior to 22.0.10, 23.5.2, and 25.1.1 causes the #[contractimpl] macro to invoke incorrect functions when both trait and inherent implementations share identical function names, allowing attackers to exploit logic flaws through public exploit code. Smart contract developers using affected versions risk silent execution of unintended code paths that could compromise contract integrity and security guarantees. Patches are available for all vulnerable versions.
Arithmetic overflow in Soroban SDK versions up to 25.0.2 allows contracts using user-controlled range bounds in Bytes::slice, Vec::slice, or Prng::gen_range methods to operate on incorrect data ranges or generate unintended random numbers, potentially corrupting contract state. Developers who do not enable overflow-checks in their Rust configuration are vulnerable to this silent data corruption. A patch is available and should be applied immediately to affected Soroban contracts.
Function name collision in Rs Soroban SDK versions prior to 22.0.10, 23.5.2, and 25.1.1 causes the #[contractimpl] macro to invoke incorrect functions when both trait and inherent implementations share identical function names, allowing attackers to exploit logic flaws through public exploit code. Smart contract developers using affected versions risk silent execution of unintended code paths that could compromise contract integrity and security guarantees. Patches are available for all vulnerable versions.
Arithmetic overflow in Soroban SDK versions up to 25.0.2 allows contracts using user-controlled range bounds in Bytes::slice, Vec::slice, or Prng::gen_range methods to operate on incorrect data ranges or generate unintended random numbers, potentially corrupting contract state. Developers who do not enable overflow-checks in their Rust configuration are vulnerable to this silent data corruption. A patch is available and should be applied immediately to affected Soroban contracts.