CVE-2026-40583

Published
View on NVD ↗
CVSS v3
8.2
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.

UltraDAGcom/core
UltraDAGcom/core
Minimal DAG-BFT blockchain in Rust. Sub-4 MB full-node binary, 2–3 round deterministic finality, passkey-native wallets, runs on a $15 Raspberry Pi Zero 2 W. Built for IoT and machine-to-machine micropayments. Live testnet + 500k UDAG bug bounty.
GitHubGitHub
5