Vulnerability	Vulnerable Version
H Improperly Implemented Security Check for Standard Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard via the creation of a 64-byte transaction that is treated as a node in its Merkle proof. An attacker can produce seemingly valid SPV proofs for fraudulent transactions by publishing specially crafted transactions on the Bitcoin blockchain. This is only exploitable if the attacker calculates an unusual but valid transaction `D`, so that the last 32 bytes of `D` are a part of the Merkle proof of another transaction `E`, and then publishes `D` and waits for it to be mined. A valid SPV proof for `D` can then be transformed into a proof for `E` by prepending certain values to the Merkle proof and changing the transaction index to match `E`'s implied position in the Merkle tree. How to fix Improperly Implemented Security Check for Standard? Upgrade `@keep-network/tbtc-v2` to version 1.5.2 or higher.	<1.5.2

Improperly Implemented Security Check for Standard

Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard via the creation of a 64-byte transaction that is treated as a node in its Merkle proof. An attacker can produce seemingly valid SPV proofs for fraudulent transactions by publishing specially crafted transactions on the Bitcoin blockchain. This is only exploitable if the attacker calculates an unusual but valid transaction D, so that the last 32 bytes of D are a part of the Merkle proof of another transaction E, and then publishes D and waits for it to be mined. A valid SPV proof for D can then be transformed into a proof for E by prepending certain values to the Merkle proof and changing the transaction index to match E's implied position in the Merkle tree.

How to fix Improperly Implemented Security Check for Standard?

Upgrade @keep-network/tbtc-v2 to version 1.5.2 or higher.

<1.5.2

Go back to all versions of this package