CVE-2024-41945
CVSS V2 None
CVSS V3 None
Description
fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed ressources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the `txpool` / in a block or a previous transaction silently getting removed from the `txpool` and replaced with a new one.
Overview
- CVE ID
- CVE-2024-41945
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-30T19:42:06.663Z
- Last Modified Date
- 2024-07-30T19:42:06.663Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/FuelLabs/fuels-ts/security/advisories/GHSA-3jcg-vx7f-j6qf | x_refsource_CONFIRM |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-41945 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41945 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-31 13:10:42 | Added to TrackCVE |