GHSA-9mfc-chwf-7whf: ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.

November 2, 2022

When a transaction contains a dep group with many cells, the resources required to process it are not linear to the transaction size nor spent script cycles.

References

github.com/advisories/GHSA-9mfc-chwf-7whf
github.com/nervosnetwork/ckb
github.com/nervosnetwork/ckb/security/advisories/GHSA-9mfc-chwf-7whf

Code Behaviors & Features

Detect and mitigate GHSA-9mfc-chwf-7whf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →