Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Soroban RPC does not validate the bucket list hash when ingesting ledger entries from history archives #144

Closed
tamirms opened this issue Apr 17, 2024 · 0 comments · Fixed by #145
Assignees
Labels
bug Something isn't working rpc-sdk-scrum

Comments

@tamirms
Copy link
Contributor

tamirms commented Apr 17, 2024

If Soroban RPC uses a corrupted history archive endpoint it is possible for Soroban RPC to ingest invalid data. Horizon does not suffer from this vulnerability so we should employ the same solution in Soroban RPC.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working rpc-sdk-scrum
Projects
Status: Done
2 participants