Ultradag
Monthly
State corruption in UltraDAG 0.1 allows remote unauthenticated attackers to bypass authorization controls and manipulate blockchain state integrity through malformed SmartOp::Vote transactions. The vulnerability enables attackers to trigger state mutations before authorization checks complete, causing high availability impact and low integrity impact to the blockchain. No active exploitation or public POC has been identified, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations. Upstream fixes are available via GitHub commits but no tagged release version has been confirmed.
State corruption in UltraDAG 0.1 allows remote unauthenticated attackers to bypass authorization controls and manipulate blockchain state integrity through malformed SmartOp::Vote transactions. The vulnerability enables attackers to trigger state mutations before authorization checks complete, causing high availability impact and low integrity impact to the blockchain. No active exploitation or public POC has been identified, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations. Upstream fixes are available via GitHub commits but no tagged release version has been confirmed.