CVE-2024-41945
LOWfuels-ts < 0.93.0 - Transaction Failure via UTXO Reuse in Account Fund Function
Title source: llmDescription
fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed ressources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the `txpool` / in a block or a previous transaction silently getting removed from the `txpool` and replaced with a new one.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/FuelLabs/fuels-ts/security/advisories/GHSA-3jcg-vx7f-j6qf
Scores
CVSS v3
3.1
EPSS
0.0031
EPSS Percentile
22.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (2)
fuel-ts/account
0 - 0.93.0npm
FuelLabs/fuels-ts
< 0.93.0
Published
Jul 30, 2024
Tracked Since
Feb 18, 2026