skalenetwork/sgxwallet

GitHub

github.com

skale.network

Releases406

Frequency5 days 17 hours

Last Release 19 days ago

Stars68

sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology. First opensource product on Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. Sgxwallet is under heavy development and use by SKALE network.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-36198 ↗	Aug 25, 2023Friday, 25 August 2023, 20:15	7.5 HIGH	—
Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.
CVE-2023-36199 ↗	Aug 25, 2023Friday, 25 August 2023, 20:15	7.5 HIGH	—
An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component.
CVE-2021-36218 ↗	Sep 27, 2021Monday, 27 September 2021, 14:15	7.5 HIGH	5 MEDIUM
An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0
CVE-2021-36219 ↗	Sep 27, 2021Monday, 27 September 2021, 14:15	9.8 CRITICAL	7.5 HIGH
An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0.