An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05bWZjLWNod2YtN3doZs4AAvq9

ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.


When a transaction contains a dep group with many cells, the resources required to process it are not linear to the transaction size nor spent script cycles.


In 0.43.3, nodes drop the transactions relayed to them when they contain a dep group with more than 64 cells. They do not ban peers who send them such transactions.

In 0.100, the consensus disallow transactions using a dep group with more than 64 cells. Peers relaying such transaction must be banned. Blocks committing such transactions must be rejected.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 9 months ago

Identifiers: GHSA-9mfc-chwf-7whf

Affected Packages

Versions: < 0.43.3
Fixed in: 0.43.3