CVE-2023-42806

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 21, 2023
Updated: Sep 26, 2023
CWE ID 347

Summary

CVE-2023-42806 is a vulnerability affecting Hydra, the layer-two scalability solution for Cardano, prior to version 0.13.0. This issue permits an attacker, who must be a participant in a head, to manipulate the snapshot from an old head instance and close it or contest the state with it. Consequences of this vulnerability include an incorrect distribution of value, leading to a value extraction attack, and a denial of service by preventing the head from finalizing due to inconsistent available value with the closed UTXO state. A patch is scheduled for version 0.13.0, and as a temporary workaround, users should rotate keys between heads to prevent the reuse of keys and the same multi-signature participants.
