Upgrade orml-rewards to version 1.2.1 or higher.
Affected versions of this package are vulnerable to Uncaught Exception through the add_share function. An attacker can cause a runtime panic and potentially crash the node process by submitting a specially crafted extrinsic that includes an input exceeding the u128 range. This is only exploitable if there exists at least one rewards pool where reward tokens exceed twice the collateral tokens, allowing sufficiently large multiplication to exceed u128 bounds.
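The failure class described above, shown as an added example that is not code from orml-rewards: a panic-prone u128 multiplication beside a checked form that returns an error the caller can reject. The formula inflation = total_reward * add_amount / total_shares, the function names and the sample values are assumptions made for illustration.

```rust
use std::panic;

#[derive(Debug, PartialEq)]
pub enum ShareError {
    Overflow,
    EmptyPool,
}

// Hypothetical model (an assumption, not the orml-rewards source):
// inflation = total_reward * add_amount / total_shares

/// Panic-prone form: unwrapping the arithmetic result aborts the caller
/// whenever the product does not fit in u128.
pub fn inflation_panicking(total_reward: u128, add_amount: u128, total_shares: u128) -> u128 {
    total_reward.checked_mul(add_amount).expect("product fits in u128") / total_shares
}

/// Hardened form: every fallible step becomes an error value, so an
/// oversized input is rejected instead of crashing the process.
pub fn inflation_checked(
    total_reward: u128,
    add_amount: u128,
    total_shares: u128,
) -> Result<u128, ShareError> {
    if total_shares == 0 {
        return Err(ShareError::EmptyPool);
    }
    total_reward
        .checked_mul(add_amount)
        .map(|product| product / total_shares)
        .ok_or(ShareError::Overflow)
}

/// True when the panic-prone form panics for these inputs.
pub fn panics(total_reward: u128, add_amount: u128, total_shares: u128) -> bool {
    panic::catch_unwind(move || inflation_panicking(total_reward, add_amount, total_shares)).is_err()
}

fn main() {
    // Constructed sample pool: rewards are three times the shares.
    let (reward, shares) = (3u128, 1u128);
    let huge = u128::MAX / 2; // constructed oversized input
    println!("small input: {:?}", inflation_checked(reward, 10, shares));
    println!("huge input:  {:?}", inflation_checked(reward, huge, shares));
    println!("panic-prone form panics: {}", panics(reward, huge, shares));
}
```

The checked form also rejects products that overflow u128 even when the final quotient would fit; keeping those cases requires a wider intermediate type.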