CVE-2026-40583
Authorization Bypass in UltraDAG 0.1 Allows Unauthorized State Mutation
Publication date: 2026-04-21
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ultradag | ultradag | 0.1.0 |
Exploitability
| CWE ID | Name | Description |
|---|---|---|
| CWE-696 | Incorrect Behavior Order | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses. |
| CWE-460 | Improper Cleanup on Thrown Exception | The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40583 is a critical vulnerability in the UltraDAGcom core blockchain software, version 0.1 (tracked as ultradag 0.1.0), in the handling of SmartOp::Vote transactions. The node debits the transaction fee and increments the sender's nonce before it verifies that the sender is authorized to vote, i.e. that the sender is a council member.
An attacker who is not a council member can submit a signed vote transaction that passes the checks performed first (signature, nonce, balance) and fails only the authorization check, by which point the state has already been partially mutated: the fee is debited and the nonce incremented. Performing the checks in the wrong order (CWE-696) therefore leaves partial state changes behind for an operation that was rejected.
Two further defects compound this. The fee debited from the attacker is never credited anywhere, so the total supply accounting no longer balances and the supply invariant is violated. And when the authorization check fails, an outer error handler increments the nonce a second time instead of rolling the partial changes back (CWE-460), so a single rejected transaction advances the attacker's nonce by two.
The node detects the broken supply invariant and halts with a fatal error rather than continue on corrupted state.
How can this vulnerability impact me?
The impact of this vulnerability includes:
- Denial of service: a single unauthorized vote transaction makes the node halt fatally.
- Network-wide risk: every validator that processes the same unauthorized transaction halts the same way, which can stall consensus.
- State corruption: the operation is rejected but leaves partial state changes behind, breaking the supply invariant and nonce integrity.
- Nonce corruption: the double increment breaks replay protection for the account and can lock the attacker's account, since the next nonce the node expects no longer matches what a client would sign.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation leaves a clear trace: the node logs a fatal supply invariant error and exits with code 101 (the exit status of a panicking Rust process), which indicates that it halted on state corruption caused by an unauthorized SmartOp::Vote transaction.
Search node logs for 'CoinError::SupplyInvariantBroken' and for fatal errors or shutdowns attributed to a supply invariant violation, and correlate them with the Vote transaction processed immediately before the halt.
Beyond the halt itself, an account whose nonce advances by two after a single transaction, or that loses a fee on a transaction that was never applied, is a sign of an exploitation attempt.
The page's resources provide no ready-made commands, so check the node logs for fatal errors and exit codes, and watch the transaction stream for Vote SmartOps from senders that are not council members.
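Since the resources give no ready-made commands, here is an added detection example in Rust (not code from the UltraDAG project) that scans node log lines for the signals described above: a `CoinError::SupplyInvariantBroken` error, a halt with exit code 101, a Vote rejected as unauthorized, and a per-account nonce gap such as the double increment leaves behind. The line layout and the `kind=`, `sender=`, `nonce=`, `reason=` and `exit_code=` fields are assumptions made for the example, as is the sample log embedded in `SAMPLE_LOG`; adapt `field` to the real node's log format.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Finding {
    SupplyInvariantBroken { line: usize },
    FatalExit { line: usize, code: i32 },
    UnauthorizedVote { line: usize, sender: String },
    NonceGap { line: usize, sender: String, expected: u64, seen: u64 },
}

/// Constructed sample log (not real UltraDAG output). Line 6 shows mallory's next
/// accepted nonce jumping from the expected 1 to 3: the double increment left by
/// the rejected vote on line 3.
pub const SAMPLE_LOG: &[&str] = &[
    "2026-04-21T10:00:01Z INFO applied tx kind=Transfer sender=alice nonce=0",
    "2026-04-21T10:00:02Z INFO applied tx kind=Transfer sender=mallory nonce=0",
    "2026-04-21T10:00:03Z WARN tx rejected kind=Vote sender=mallory nonce=1 reason=Unauthorized",
    "2026-04-21T10:00:03Z ERROR fatal: CoinError::SupplyInvariantBroken circulating=1999990 expected=2000000",
    "2026-04-21T10:00:03Z ERROR node halted exit_code=101",
    "2026-04-21T10:05:00Z INFO applied tx kind=Transfer sender=mallory nonce=3",
];

/// Pull the value of a `key=value` token out of a whitespace-separated log line
/// (assumed log layout for this example).
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    line.split_whitespace()
        .find_map(|tok| tok.strip_prefix(key).and_then(|rest| rest.strip_prefix('=')))
}

/// Scan log lines in order and collect every exploitation indicator.
pub fn scan(lines: &[&str]) -> Vec<Finding> {
    let mut findings = Vec::new();
    // Next nonce we expect to see accepted for each sender.
    let mut expected_nonce: HashMap<String, u64> = HashMap::new();

    for (idx, line) in lines.iter().enumerate() {
        let n = idx + 1;
        if line.contains("CoinError::SupplyInvariantBroken") {
            findings.push(Finding::SupplyInvariantBroken { line: n });
        }
        if let Some(code) = field(line, "exit_code").and_then(|c| c.parse::<i32>().ok()) {
            if code == 101 {
                findings.push(Finding::FatalExit { line: n, code });
            }
        }
        if line.contains("tx rejected")
            && field(line, "kind") == Some("Vote")
            && field(line, "reason") == Some("Unauthorized")
        {
            if let Some(sender) = field(line, "sender") {
                findings.push(Finding::UnauthorizedVote { line: n, sender: sender.to_string() });
            }
        }
        if line.contains("applied tx") {
            let sender = field(line, "sender");
            let nonce = field(line, "nonce").and_then(|v| v.parse::<u64>().ok());
            if let (Some(sender), Some(nonce)) = (sender, nonce) {
                // A jump of more than one past the last accepted nonce means the
                // account's nonce moved without a matching applied transaction.
                if let Some(&expected) = expected_nonce.get(sender) {
                    if nonce > expected {
                        findings.push(Finding::NonceGap {
                            line: n,
                            sender: sender.to_string(),
                            expected,
                            seen: nonce,
                        });
                    }
                }
                expected_nonce.insert(sender.to_string(), nonce + 1);
            }
        }
    }
    findings
}

fn main() {
    for finding in scan(SAMPLE_LOG) {
        println!("{:?}", finding);
    }
}
```

The nonce-gap check is the one signal that survives a restart: even after the halt is gone from the logs, an account whose accepted nonces skip a value is evidence that a rejected transaction mutated state.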
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade the UltraDAGcom core software to the patched version, in which authorization is checked before any state mutation (fee debit and nonce increment). Specifically:
- Upgrade to the fixed version before doing anything else.
- If a node has already been attacked and halted, do not restart it on the vulnerable binary: the same transaction will halt it again. Upgrade first, then restart.
- Monitor node logs for fatal supply invariant errors and exit code 101, and alert on Vote SmartOps submitted by accounts that are not council members.
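To make the ordering defect described in the explanation above, and the check-before-mutate fix called for in the mitigation, concrete, here is an added example in Rust. It is not the UltraDAG code base: the ledger, account names and fee pool are a simplified model assumed for illustration. `apply_vote_vulnerable` follows the sequence the advisory describes (nonce and balance checks, fee debit and nonce increment, then the council check, with an outer error handler that bumps the nonce again), while `apply_vote_fixed` validates everything, including authorization, before touching state and debits and credits the fee in one step. The real node halts on a broken invariant; the model returns `SupplyInvariantBroken` instead so the outcome can be inspected.

```rust
use std::collections::HashMap;

#[derive(Debug, Clone, PartialEq)]
pub struct Account {
    pub balance: u64,
    pub nonce: u64,
}

#[derive(Debug, PartialEq)]
pub enum TxError {
    UnknownAccount,
    BadNonce,
    InsufficientBalance,
    Unauthorized,
    SupplyInvariantBroken,
}

/// Simplified ledger model (assumed for this example, not UltraDAG's state layout).
pub struct Ledger {
    pub accounts: HashMap<String, Account>,
    pub council: Vec<String>,
    /// Where collected fees are credited; counted as part of total supply.
    pub fee_pool: u64,
    pub total_supply: u64,
}

/// A SmartOp::Vote as seen by the state machine (signature assumed already verified).
pub struct VoteTx {
    pub sender: String,
    pub nonce: u64,
    pub fee: u64,
}

impl Ledger {
    pub fn new(council: &[&str], others: &[&str], balance: u64) -> Ledger {
        let accounts: HashMap<String, Account> = council
            .iter()
            .chain(others.iter())
            .map(|n| (n.to_string(), Account { balance, nonce: 0 }))
            .collect();
        let total_supply = balance * accounts.len() as u64;
        let council = council.iter().map(|n| n.to_string()).collect();
        Ledger { accounts, council, fee_pool: 0, total_supply }
    }

    /// Supply invariant: every coin is either in an account or in the fee pool.
    pub fn check_supply(&self) -> Result<(), TxError> {
        let in_accounts: u64 = self.accounts.values().map(|a| a.balance).sum();
        if in_accounts + self.fee_pool == self.total_supply {
            Ok(())
        } else {
            Err(TxError::SupplyInvariantBroken)
        }
    }

    pub fn nonce_of(&self, who: &str) -> u64 { self.accounts[who].nonce }
    pub fn balance_of(&self, who: &str) -> u64 { self.accounts[who].balance }
}

fn vote_inner_vulnerable(l: &mut Ledger, tx: &VoteTx) -> Result<(), TxError> {
    let acct = l.accounts.get_mut(&tx.sender).ok_or(TxError::UnknownAccount)?;
    if acct.nonce != tx.nonce { return Err(TxError::BadNonce); }
    if acct.balance < tx.fee { return Err(TxError::InsufficientBalance); }
    // BUG (CWE-696): state is mutated before the authorization check.
    acct.balance -= tx.fee;
    acct.nonce += 1;
    if !l.council.contains(&tx.sender) { return Err(TxError::Unauthorized); }
    // Only the authorized path credits the fee, so a rejected vote burns it.
    l.fee_pool += tx.fee;
    Ok(())
}

/// Vulnerable ordering: partial mutation, then a double nonce increment on error.
pub fn apply_vote_vulnerable(l: &mut Ledger, tx: &VoteTx) -> Result<(), TxError> {
    let result = vote_inner_vulnerable(l, tx);
    if result.is_err() {
        // BUG (CWE-460): the error path bumps the nonce again instead of rolling back.
        if let Some(a) = l.accounts.get_mut(&tx.sender) { a.nonce += 1; }
    }
    // The real node treats a broken invariant as fatal; here it is a returned error.
    l.check_supply()?;
    result
}

/// Fixed ordering: every check, including authorization, before any mutation.
pub fn apply_vote_fixed(l: &mut Ledger, tx: &VoteTx) -> Result<(), TxError> {
    let acct = l.accounts.get(&tx.sender).ok_or(TxError::UnknownAccount)?;
    if acct.nonce != tx.nonce { return Err(TxError::BadNonce); }
    if acct.balance < tx.fee { return Err(TxError::InsufficientBalance); }
    if !l.council.contains(&tx.sender) { return Err(TxError::Unauthorized); }
    // Commit: debit and credit in the same step, nonce incremented exactly once.
    let acct = l.accounts.get_mut(&tx.sender).expect("checked above");
    acct.balance -= tx.fee;
    acct.nonce += 1;
    l.fee_pool += tx.fee;
    l.check_supply()
}

fn main() {
    let tx = VoteTx { sender: "mallory".to_string(), nonce: 0, fee: 10 };
    let mut l = Ledger::new(&["alice"], &["mallory"], 1_000);
    println!("vulnerable: {:?}", apply_vote_vulnerable(&mut l, &tx));
    println!("  mallory nonce={} balance={}", l.nonce_of("mallory"), l.balance_of("mallory"));
    let mut l = Ledger::new(&["alice"], &["mallory"], 1_000);
    println!("fixed: {:?}", apply_vote_fixed(&mut l, &tx));
    println!("  mallory nonce={} balance={}", l.nonce_of("mallory"), l.balance_of("mallory"));
}
```

Running `main` shows the two outcomes side by side: on the vulnerable path the non-council sender ends with a nonce of 2 and a balance short by the fee while the fee pool is unchanged, so the supply check fails; on the fixed path the vote is rejected as unauthorized with no state change at all.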
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.