Soroban Fixed Point Math

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-24783 HIGH PATCH This Week

Incorrect rounding in the mulDiv() function of soroban-fixed-point-math versions 1.3.0 and 1.4.0 allows attackers to manipulate fixed-point arithmetic results in Soroban smart contracts by exploiting sign handling when both the intermediate product and divisor are negative. This affects all signed FixedPoint implementations (i64, i128, I256) and could enable financial miscalculations or loss of funds in dependent contracts. A patch is available in versions 1.3.1 and 1.4.1.

Information Disclosure Soroban Fixed Point Math

NVD GitHub

CVSS 3.1

7.5

EPSS

0.0%

CVE-2026-24783

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Incorrect rounding in the mulDiv() function of soroban-fixed-point-math versions 1.3.0 and 1.4.0 allows attackers to manipulate fixed-point arithmetic results in Soroban smart contracts by exploiting sign handling when both the intermediate product and divisor are negative. This affects all signed FixedPoint implementations (i64, i128, I256) and could enable financial miscalculations or loss of funds in dependent contracts. A patch is available in versions 1.3.1 and 1.4.1.

Information Disclosure Soroban Fixed Point Math

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy