From e3d5209e4dcf633d4bbf1adf6eb5c47365123c13 Mon Sep 17 00:00:00 2001 From: Amarantha Kulkarni Date: Fri, 10 Jan 2025 11:30:44 -0800 Subject: [PATCH] Update blog/2025/vulnerabilitydisclosurereport-bug-nov2024.md Co-authored-by: Mayukha Vadari --- blog/2025/vulnerabilitydisclosurereport-bug-nov2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog/2025/vulnerabilitydisclosurereport-bug-nov2024.md b/blog/2025/vulnerabilitydisclosurereport-bug-nov2024.md index 28d2d6d463..13b341b8f4 100644 --- a/blog/2025/vulnerabilitydisclosurereport-bug-nov2024.md +++ b/blog/2025/vulnerabilitydisclosurereport-bug-nov2024.md @@ -40,7 +40,7 @@ The transactions and fields that caused this issue: * `NFTokenAcceptOffer` (`NFTokenBuyOffer/NFTokenSellOffer`) * The `CredentialID` field in several transactions (this code is not yet live) -The common factor of the vulnerable transactions was that they accepted an ID of an object (e.g. check, payment channel, NFT token offer, credential etc.) provided in the transaction and used it to lookup the object referred to by the transaction. This was expected to work, and the worst that could happen (assuming there were no bugs) was that the object found was of the wrong type, which should have been handled the same way as if the object was not found. The bug turned the “found object of unexpected type“ condition into an exception, which crashed the program. +The common factor of the vulnerable transactions was that they accepted an ID of an object of a specific type (e.g. check, payment channel, NFT token offer, credential etc.) provided in the transaction and used it to lookup the object referred to by the transaction. This was expected to work, and the worst that could happen (assuming there were no bugs) was that the object found was of the wrong type, which should have been handled the same way as if the object was not found. The bug turned the “found object of unexpected type“ condition into an exception, which crashed the program. ### Root Cause