Rewards Hub BlockSec Phalcon has identified a vulnerability in the Hyperbridge HandlerV1 contract due to missing input validation. The VerifyProof() function fails to verify that leaf_index is less than leafCount, which can result in the MMR calculation excluding the requested commitment under certain parameters. This flaw allows attackers to forge seemingly valid cross-chain messages by decoupling the proof from the actual message.
Hyperbridge HandlerV1 Contract Vulnerability Exposes Cross-Chain Message Forgery Risk
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.