Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Vulnerability Description
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
mppx 安全漏洞
Vulnerability Description
mppx是wevm开源的一个基于区块链的支付协议SDK。 mppx 0.4.11之前版本存在安全漏洞,该漏洞源于关闭凭证金额验证不当,可能导致通道被免费关闭或攻击。
CVSS Information
N/A
Vulnerability Type
N/A