DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-PM4J-7R4Q-CCG8: GHSA-PM4J-7R4Q-CCG8: State Inconsistency in Soroban Host Storage Key Conversion

#security #cve #cybersecurity #ghsa

GHSA-PM4J-7R4Q-CCG8: State Inconsistency in Soroban Host Storage Key Conversion

Vulnerability ID: GHSA-PM4J-7R4Q-CCG8
CVSS Score: 1.7
Published: 2026-03-07

A logic error in the Soroban host environment (soroban-env-host) allows for internal state corruption during the conversion of smart contract values (Val) to storage keys (ScVal). When a conversion fails—specifically involving prohibited types like MuxedAddress—an internal status flag indicating that a 'storage conversion is in progress' may remain incorrectly set to true. This inconsistent state persists for the duration of the host's execution context. Consequently, valid subsequent operations that rely on this flag, such as emitting events containing MuxedAddress objects or performing XDR serialization, are erroneously rejected. This vulnerability can lead to unexpected transaction failures and contract logic denial of service.

TL;DR

A flaw in soroban-env-host causes a state flag to get stuck if a storage key conversion fails. This prevents subsequent valid operations involving MuxedAddress, leading to transaction rollbacks. Fixed in version 26.0.0.

Technical Details

  • CWE ID: CWE-681
  • CVSS 4.0: 1.7 (Low)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • Impact: Denial of Service (Transaction Rollback)

Affected Systems

  • Stellar Network Validators running Protocol < 26
  • Applications using soroban-env-host crate < 26.0.0
  • Soroban smart contracts relying on try_call for error handling
  • soroban-env-host: < 26.0.0 (Fixed in: 26.0.0)

Mitigation Strategies

  • Upgrade the Soroban host environment to version 26.0.0 or later.
  • Ensure smart contracts pre-validate storage keys to prevent invalid type conversions.
  • Implement robust error handling in parent contracts, but be aware that host state corruption may still affect subsequent operations.

Remediation Steps:

  1. Identify systems running soroban-env-host versions prior to 26.0.0.
  2. Update the dependency in Cargo.toml to soroban-env-host = "26.0.0".
  3. Recompile and redeploy affected components.
  4. Verify that transactions involving try_call and storage failures no longer cause subsequent event emission failures.

References

Read the full report for GHSA-PM4J-7R4Q-CCG8 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)