Fixed: Cadence Vulnerability 2024-08-30 (default functions)

Issue Overview

  • Current Status: Issue Fixed
  • Affected Network: Testnet, Mainnet

Summary of Impact

A low-impact vulnerability that could have led to resources being lost through the non-execution of interface default functions.

Technical Summary of Issues

When a user-defined type conforms to multiple interfaces through interface inheritance, and one interface provides a default implementation of a function while different interfaces define pre/post conditions for the same function, there was a possibility of the default implementation being skipped at runtime.
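
The declaration shape described above, as an added illustration that is not code from the report or from the Cadence project. It assumes Cadence 1.0 syntax, and every type and function name in it is hypothetical. It shows why a skipped default body matters: the resource argument is only moved into storage if that body runs.

```cadence
// Constructed illustration; all names are hypothetical.
access(all) contract Example {

    access(all) resource Token {}

    // Interface 1: declares only a pre-condition for deposit().
    access(all) resource interface Guarded {
        access(all) view fun isOpen(): Bool

        access(all) fun deposit(token: @Token) {
            pre { self.isOpen(): "receiver is closed" }
        }
    }

    // Interface 2: supplies the default implementation of deposit().
    access(all) resource interface Storing {
        access(all) fun store(token: @Token)

        access(all) fun deposit(token: @Token) {
            // The resource is only kept if this body executes.
            self.store(token: <-token)
        }
    }

    // Inherits both paths: the condition from Guarded and the
    // default function from Storing apply to every conforming type.
    access(all) resource interface Receiver: Guarded, Storing {}

    // Conforms through the inherited interface and does not declare
    // deposit() itself, so the default from Storing must run after
    // the pre-condition from Guarded has been checked.
    access(all) resource Box: Receiver {
        access(all) var held: @[Token]

        access(all) view fun isOpen(): Bool { return true }

        access(all) fun store(token: @Token) {
            self.held.append(<-token)
        }

        init() { self.held <- [] }
    }
}
```

Contracts that rely on this pattern can confirm they run on a fixed network by checking in a test that `held` grows by one after a call to `deposit`.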

Mitigation

The security report was immediately acknowledged and reproduced. A fix was developed and deployed to all networks.

Recognition

As core contributors to the Flow ecosystem, we take reported issues very seriously and would like to thank Austin Kline from Flowty (austin@flowty.io) for reporting the issues responsibly through our Responsible Disclosure Policy.
