CVE-2024-41945

CVSS V2 None CVSS V3 None
Description
fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed ressources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the `txpool` / in a block or a previous transaction silently getting removed from the `txpool` and replaced with a new one.
Overview
  • CVE ID
  • CVE-2024-41945
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-30T19:42:06.663Z
  • Last Modified Date
  • 2024-07-30T19:42:06.663Z
References
Reference URL Reference Tags
https://github.com/FuelLabs/fuels-ts/security/advisories/GHSA-3jcg-vx7f-j6qf x_refsource_CONFIRM
History
Created Old Value New Value Data Type Notes
2024-07-31 13:10:42 Added to TrackCVE