Unknown · Agent Dart · CVE-2024-48915
**Name of the Vulnerable Software and Affected Versions**
Agent Dart versions prior to 1.0.0-dev.29
**Description**
The issue is related to improper certificate verification in the `lib/agent/certificate.dart` file. Specifically, during delegation verification in the `checkDelegation` function, the `canister ranges` are not verified, allowing a subnet to sign canister responses on behalf of another subnet. Additionally, the certificate's timestamp, i.e., the `/time` path, is not verified, effectively giving the certificate no expiration time.
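The two checks described above, sketched in Dart as an added example; this is not Agent Dart's code and does not use its API. `CanisterRange`, `comparePrincipal`, `canisterInRanges`, `timeIsFresh`, `checkDelegatedCertificate`, the byte-wise ordering and the five-minute window are assumptions made for illustration, and the inputs are assumed to have been decoded already from certificates whose signatures were verified.

```dart
// Hypothetical type: inclusive [low, high] range of canister ids (raw bytes).
class CanisterRange {
  CanisterRange(this.low, this.high);
  final List<int> low, high;
}

// Byte-wise lexicographic order, a prefix sorting first (assumed ordering).
int comparePrincipal(List<int> a, List<int> b) {
  final n = a.length < b.length ? a.length : b.length;
  for (var i = 0; i < n; i++) {
    if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return a.length.compareTo(b.length);
}

// Check 1: the queried canister must fall inside a range the delegation grants.
bool canisterInRanges(List<int> id, List<CanisterRange> ranges) => ranges.any(
    (r) => comparePrincipal(r.low, id) <= 0 && comparePrincipal(id, r.high) <= 0);

// Check 2: /time (nanoseconds since the Unix epoch) must be close to local time.
bool timeIsFresh(BigInt certTimeNs, DateTime now, Duration window) {
  final nowNs = BigInt.from(now.microsecondsSinceEpoch) * BigInt.from(1000);
  final windowNs = BigInt.from(window.inMicroseconds) * BigInt.from(1000);
  return (nowNs - certTimeNs).abs() <= windowNs;
}

// Fail closed: throw unless both checks pass. The 5 minute window is assumed.
void checkDelegatedCertificate(List<int> id, List<CanisterRange> ranges,
    BigInt certTimeNs, DateTime now,
    {Duration window = const Duration(minutes: 5)}) {
  if (!canisterInRanges(id, ranges)) throw StateError('canister id not in ranges');
  if (!timeIsFresh(certTimeNs, now, window)) throw StateError('/time not fresh');
}

void main() {
  // Constructed sample values, not taken from a real subnet or certificate.
  final ranges = [
    CanisterRange([0, 0, 0, 0, 0, 0x10, 0, 0, 1, 1], [0, 0, 0, 0, 0, 0x1f, 0xff, 0xff, 1, 1])
  ];
  final now = DateTime.utc(2024, 10, 1, 12);
  final nowNs = BigInt.from(now.microsecondsSinceEpoch) * BigInt.from(1000);
  final staleNs = nowNs - BigInt.from(3600) * BigInt.from(1000000000);
  void attempt(String label, List<int> id, BigInt t) {
    try {
      checkDelegatedCertificate(id, ranges, t, now);
      print('$label: accepted');
    } on StateError catch (e) {
      print('$label: rejected (${e.message})');
    }
  }
  attempt('in range, fresh', [0, 0, 0, 0, 0, 0x10, 0, 5, 1, 1], nowNs);
  attempt('other subnet range', [0, 0, 0, 0, 0, 0x20, 0, 5, 1, 1], nowNs);
  attempt('one hour old', [0, 0, 0, 0, 0, 0x10, 0, 5, 1, 1], staleNs);
}
```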
**Recommendations**
For versions prior to 1.0.0-dev.29, update to version 1.0.0-dev.29 to fix the certificate verification issue. As a temporary workaround, consider restricting the use of the `checkDelegation` function in the `lib/agent/certificate.dart` file until the update is applied. Avoid using the `canister ranges` variable in the affected API endpoints until the issue is resolved.