This project might be open to known security vulnerabilities , which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom .
Crate multiversx-sc-codec
Dependencies (2 total, all up-to-date)
Crate multiversx-sc-codec-derive
Dependencies (4 total, 3 outdated)
Crate Required Latest Status proc-macro2 =1.0.78
1.0.81
out of date quote =1.0.35
1.0.36
out of date syn =2.0.48
2.0.60
out of date hex =0.4.3
0.4.3
up to date
Crate multiversx-sc
Dependencies (3 total, 2 outdated)
Crate multiversx-sc-derive
Dependencies (5 total, 3 outdated)
Crate Required Latest Status proc-macro2 =1.0.78
1.0.81
out of date quote =1.0.35
1.0.36
out of date syn =2.0.48
2.0.60
out of date hex =0.4.3
0.4.3
up to date radix_trie =0.2.1
0.2.1
up to date
Crate multiversx-sc-meta
Dependencies (18 total, 4 outdated)
Crate multiversx-sc-scenario
Dependencies (15 total, 2 outdated)
Crate multiversx-sc-snippets
Dependencies (6 total, 1 outdated)
Crate Required Latest Status tokio ^1.24
1.37.0
up to date hex ^0.4
0.4.3
up to date base64 ^0.21.5
0.22.1
out of date log ^0.4.17
0.4.21
up to date env_logger ^0.11
0.11.3
up to date futures ^0.3
0.3.30
up to date
Crate multiversx-sc-wasm-adapter
No external dependencies! 🙌
Crate multiversx-sdk
Dependencies (18 total, 3 outdated)
Crate Required Latest Status tokio ^1.24
1.37.0
up to date reqwest ^0.11.4
0.12.4
out of date serde ^1.0.130
1.0.200
up to date serde_json ^1.0.68
1.0.116
up to date serde_repr ^0.1.8
0.1.19
up to date anyhow ^1.0.44
1.0.82
up to date rand ^0.8.5
0.8.5
up to date bip39 ^2.0.0
2.0.0
up to date sha2 ^0.10.8
0.10.8
up to date sha3 ^0.10.8
0.10.8
up to date hmac ^0.12.1
0.12.1
up to date hex ^0.4.3
0.4.3
up to date base64 ^0.21.5
0.22.1
out of date pbkdf2 ^0.12.2
0.12.2
up to date zeroize ^1.4.2
1.7.0
up to date bech32 ^0.9
0.11.0
out of date itertools ^0.12.0
0.12.1
up to date pem ^3.0.2
3.0.4
up to date
Crate multiversx-chain-scenario-format
Dependencies (7 total, 1 outdated)
Crate mxpy-snippet-generator
Dependencies (4 total, 1 outdated)
Crate multiversx-chain-vm
Dependencies (13 total, 2 outdated, 1 possibly insecure)
Crate multiversx-sc-modules
No external dependencies! 🙌
Crate multiversx-price-aggregator-sc
Dependencies (3 total, all up-to-date)
Crate Required Latest Status arrayvec ^0.7
0.7.4
up to date rand ^0.8.5
0.8.5
up to date getrandom ^0.2
0.2.14
up to date
Crate multiversx-price-aggregator-sc-meta
No external dependencies! 🙌
Crate multiversx-wegld-swap-sc
No external dependencies! 🙌
Crate multiversx-wegld-swap-sc-meta
No external dependencies! 🙌
Crate benchmark-common
No external dependencies! 🙌
Crate linked-list-repeat
No external dependencies! 🙌
Crate linked-list-repeat-meta
No external dependencies! 🙌
Crate map-repeat
No external dependencies! 🙌
Crate map-repeat-meta
No external dependencies! 🙌
Crate queue-repeat
No external dependencies! 🙌
Crate queue-repeat-meta
No external dependencies! 🙌
Crate set-repeat
No external dependencies! 🙌
Crate set-repeat-meta
No external dependencies! 🙌
Crate single-value-repeat
No external dependencies! 🙌
Crate single-value-repeat-meta
No external dependencies! 🙌
Crate vec-repeat
No external dependencies! 🙌
Crate vec-repeat-meta
No external dependencies! 🙌
Crate large-storage
No external dependencies! 🙌
Crate large-storage-meta
No external dependencies! 🙌
Crate str-repeat
No external dependencies! 🙌
Crate str-repeat-meta
No external dependencies! 🙌
Crate send-tx-repeat
No external dependencies! 🙌
Crate send-tx-repeat-meta
No external dependencies! 🙌
Crate adder
No external dependencies! 🙌
Crate adder-meta
No external dependencies! 🙌
Crate basic-interact
Dependencies (3 total, all up-to-date)
Crate Required Latest Status clap ^4.4.7
4.5.4
up to date serde ^1.0
1.0.200
up to date toml ^0.8.6
0.8.12
up to date
Crate esdt-transfer-with-fee
No external dependencies! 🙌
Crate esdt-transfer-with-fee-meta
No external dependencies! 🙌
Crate bonding-curve-contract
No external dependencies! 🙌
Crate bonding-curve-contract-meta
No external dependencies! 🙌
Crate crowdfunding-esdt
Dev dependencies (3 total, all up-to-date)
Crate crowdfunding-esdt-meta
No external dependencies! 🙌
Crate crypto-bubbles
No external dependencies! 🙌
Crate crypto-bubbles-meta
No external dependencies! 🙌
Crate crypto-zombies
No external dependencies! 🙌
Crate crypto-zombies-meta
No external dependencies! 🙌
Crate check-pause
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status num-bigint ^0.4
0.4.4
up to date
Crate check-pause-meta
No external dependencies! 🙌
Crate kitty-ownership
No external dependencies! 🙌
Crate kitty-ownership-meta
No external dependencies! 🙌
Crate kitty-genetic-alg
No external dependencies! 🙌
Crate kitty-genetic-alg-meta
No external dependencies! 🙌
Crate kitty-auction
No external dependencies! 🙌
Crate kitty-auction-meta
No external dependencies! 🙌
Crate digital-cash
No external dependencies! 🙌
Crate digital-cash-meta
No external dependencies! 🙌
Crate empty
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status num-bigint ^0.4
0.4.4
up to date
Crate empty-meta
No external dependencies! 🙌
Crate factorial
No external dependencies! 🙌
Crate factorial-meta
No external dependencies! 🙌
Crate fractional-nfts
No external dependencies! 🙌
Crate fractional-nfts-meta
No external dependencies! 🙌
Crate lottery-esdt
No external dependencies! 🙌
Crate lottery-esdt-meta
No external dependencies! 🙌
Crate multisig
Dev dependencies (3 total, all up-to-date)
Crate multisig-meta
No external dependencies! 🙌
Crate multisig-interact
Dependencies (3 total, all up-to-date)
Crate Required Latest Status clap ^4.4.7
4.5.4
up to date serde ^1.0
1.0.200
up to date toml ^0.8.6
0.8.12
up to date
Crate nft-minter
No external dependencies! 🙌
Crate nft-minter-meta
No external dependencies! 🙌
Crate nft-subscription
No external dependencies! 🙌
Crate nft-subscription-meta
No external dependencies! 🙌
Crate nft-storage-prepay
No external dependencies! 🙌
Crate nft-storage-prepay-meta
No external dependencies! 🙌
Crate order-book-factory
No external dependencies! 🙌
Crate factory-meta
No external dependencies! 🙌
Crate order-book-pair
No external dependencies! 🙌
Crate pair-meta
No external dependencies! 🙌
Crate proxy-pause
No external dependencies! 🙌
Crate proxy-pause-meta
No external dependencies! 🙌
Crate ping-pong-egld
No external dependencies! 🙌
Crate ping-pong-egld-meta
No external dependencies! 🙌
Crate rewards-distribution
No external dependencies! 🙌
Crate rewards-distribution-meta
No external dependencies! 🙌
Crate seed-nft-minter
No external dependencies! 🙌
Crate seed-nft-minter-meta
No external dependencies! 🙌
Crate token-release
No external dependencies! 🙌
Crate token-release-meta
No external dependencies! 🙌
Crate abi-tester
No external dependencies! 🙌
Crate abi-tester-meta
No external dependencies! 🙌
Crate alloc-features
No external dependencies! 🙌
Crate alloc-features-meta
No external dependencies! 🙌
Crate basic-features
No external dependencies! 🙌
Crate basic-features-meta
No external dependencies! 🙌
Crate basic-features-interact
Dependencies (3 total, all up-to-date)
Crate Required Latest Status clap ^4.4.7
4.5.4
up to date serde ^1.0
1.0.200
up to date toml ^0.8.6
0.8.12
up to date
Crate big-float-features
No external dependencies! 🙌
Crate big-float-features-meta
No external dependencies! 🙌
Crate composability-tests
No external dependencies! 🙌
Crate interact
Dependencies (3 total, all up-to-date)
Crate Required Latest Status clap ^4.4.7
4.5.4
up to date serde ^1.0
1.0.200
up to date toml ^0.8.6
0.8.12
up to date
Crate builtin-func-features
No external dependencies! 🙌
Crate builtin-func-features-meta
No external dependencies! 🙌
Crate esdt-contract-pair
No external dependencies! 🙌
Crate first-contract
No external dependencies! 🙌
Crate first-contract-meta
No external dependencies! 🙌
Crate second-contract
No external dependencies! 🙌
Crate second-contract-meta
No external dependencies! 🙌
Crate parent
No external dependencies! 🙌
Crate parent-meta
No external dependencies! 🙌
Crate child
No external dependencies! 🙌
Crate child-meta
No external dependencies! 🙌
Crate forwarder
No external dependencies! 🙌
Crate forwarder-meta
No external dependencies! 🙌
Crate forwarder-queue
No external dependencies! 🙌
Crate forwarder-queue-meta
No external dependencies! 🙌
Crate forwarder-raw
No external dependencies! 🙌
Crate forwarder-raw-meta
No external dependencies! 🙌
Crate local-esdt-and-nft
No external dependencies! 🙌
Crate local-esdt-and-nft-meta
No external dependencies! 🙌
Crate promises-features
No external dependencies! 🙌
Crate promises-features-meta
No external dependencies! 🙌
Crate proxy-test-first
Dependencies (1 total, all up-to-date)
Crate Required Latest Status hex-literal ^0.4.1
0.4.1
up to date
Crate proxy-test-first-meta
No external dependencies! 🙌
Crate proxy-test-second
No external dependencies! 🙌
Crate proxy-test-second-meta
No external dependencies! 🙌
Crate recursive-caller
No external dependencies! 🙌
Crate recursive-caller-meta
No external dependencies! 🙌
Crate transfer-role-features
No external dependencies! 🙌
Crate transfer-role-features-meta
No external dependencies! 🙌
Crate vault
No external dependencies! 🙌
Crate vault-meta
No external dependencies! 🙌
Crate crowdfunding-erc20
No external dependencies! 🙌
Crate crowdfunding-erc20-meta
No external dependencies! 🙌
Crate erc20
No external dependencies! 🙌
Crate erc20-meta
No external dependencies! 🙌
Crate erc721
No external dependencies! 🙌
Crate erc721-meta
No external dependencies! 🙌
Crate erc1155
No external dependencies! 🙌
Crate erc1155-meta
No external dependencies! 🙌
Crate erc1155-marketplace
No external dependencies! 🙌
Crate erc1155-marketplace-meta
No external dependencies! 🙌
Crate erc1155-user-mock
No external dependencies! 🙌
Crate erc1155-user-mock-meta
No external dependencies! 🙌
Crate lottery-erc20
No external dependencies! 🙌
Crate lottery-erc20-meta
No external dependencies! 🙌
Crate esdt-system-sc-mock
No external dependencies! 🙌
Crate esdt-system-sc-mock-meta
No external dependencies! 🙌
Crate formatted-message-features
No external dependencies! 🙌
Crate formatted-message-features-meta
No external dependencies! 🙌
Crate managed-map-features
No external dependencies! 🙌
Crate managed-map-features-meta
No external dependencies! 🙌
Crate multi-contract-features
No external dependencies! 🙌
Crate multi-contract-features-meta
No external dependencies! 🙌
Crate panic-message-features
No external dependencies! 🙌
Crate panic-message-features-meta
No external dependencies! 🙌
Crate payable-features
No external dependencies! 🙌
Crate payable-features-meta
No external dependencies! 🙌
Crate rust-snippets-generator-test
No external dependencies! 🙌
Crate rust-snippets-generator-test-meta
No external dependencies! 🙌
Crate rust-testing-framework-tester
Dev dependencies (3 total, all up-to-date)
Crate rust-testing-framework-tester-meta
No external dependencies! 🙌
Crate use-module
No external dependencies! 🙌
Crate use-module-meta
No external dependencies! 🙌
Crate exchange-features
No external dependencies! 🙌
Crate exchange-features-meta
No external dependencies! 🙌
Crate kitty
No external dependencies! 🙌
Crate random
No external dependencies! 🙌
Security Vulnerabilities ed25519-dalek
: Double Public Key Signing Function Oracle Attack on `ed25519-dalek`RUSTSEC-2022-0093
Versions of ed25519-dalek
prior to v2.0 model private and public keys as
separate types which can be assembled into a Keypair
, and also provide APIs
for serializing and deserializing 64-byte private/public keypairs.
Such APIs and serializations are inherently unsafe as the public key is one of
the inputs used in the deterministic computation of the S
part of the signature,
but not in the R
value. An adversary could somehow use the signing function as
an oracle that allows arbitrary public keys as input can obtain two signatures
for the same message sharing the same R
and only differ on the S
part.
Unfortunately, when this happens, one can easily extract the private key.
Revised public APIs in v2.0 of ed25519-dalek
do NOT allow a decoupled
private/public keypair as signing input, except as part of specially labeled
"hazmat" APIs which are clearly labeled as being dangerous if misused.