漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Vulnerability Description
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
CWE-1284
Vulnerability Title
core-rs-albatross 安全漏洞
Vulnerability Description
core-rs-albatross是Nimiq开源的一个Albatross协议的Rust实现。 core-rs-albatross 1.3.0及之前版本存在安全漏洞,该漏洞源于区块时间戳缺少上限检查,可能导致恶意验证者设置任意未来的时间戳,从而影响奖励计算。
CVSS Information
N/A
Vulnerability Type
N/A