Blockchain

Zebra's block validator undercounts signature operations, allowing it to accept invalid blocks, leading to a network split between Zebra and zcashd nodes.

A vulnerability in the Mezo bridge allows for the potential full drain of the L1 bridge without changing the bridged balance on Mezo due to a stale StateDB overwrite, enabling a malicious user to steal ERC-20 tokens locked in the L1 bridge.

A vulnerability in nimiq-blockchain versions 1.3.0 and earlier allows malicious validators to manipulate block timestamps, leading to inflation of the monetary supply.

BSV Ruby SDK versions before 0.8.2 improperly handle ARC responses, treating certain failure statuses as successful broadcasts, potentially tricking applications into trusting unaccepted transactions; version 0.8.2 resolves this vulnerability.

Zebra and zcashd disagree on a consensus rule for V5+ transparent spends related to SIGHASH_SINGLE handling when the input index has no corresponding output, leading to a consensus split where Zebra accepts invalid blocks rejected by zcashd.

A vulnerability exists in Nimiq Block's SkipBlockProof verification process, allowing attackers to bypass quorum checks by manipulating MultiSignature signers with out-of-range indices, potentially compromising blockchain integrity, and affecting rust/nimiq-block versions 0.2.0 and earlier.