Another proof verification issue, fixed in February in polkadot-sdk. The PR description is already self-explanatory. https://t.co/Tc5ZSer8a6 For this one I haven't checked deeper and I won't say I'm entirely sure compared with the last one -- it is supposed to be a "fix" and `git blame` tells me that the bug has existed for a long time. Not validating `tx_index` should have gone really bad allowing forged proofs. Probably they deemed that the bug is not exploitable by itself? Anyway, this is three in a row. All proof verification bugs. One in Hyperbridge. Two in Polkadot SDK. If it were me I'll probably consider a full security audit. There seems to be some systematic issues in this specific area.
Share
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.