Leighmcculloch

**Name of the Vulnerable Software and Affected Versions** stellar-xdr versions prior to 25.0.1 **Description** The `StringM::from str` function does not properly validate the length of input strings. When calling `StringM::<N>::from str(s)` with a string `s` exceeding the maximum allowed length `N`, the function incorrectly returns an `Ok` value instead of an error. This results in the creation of a `StringM` object that violates its length constraint. This issue impacts code that relies on the maximum length constraint being enforced when constructing `StringM` values from string input using `FromStr`, including `str::parse`. An oversized `StringM` could potentially propagate through serialization, validation, or other logic that assumes the length invariant is maintained. **Recommendations** Upgrade to version 25.0.1 or later. As a workaround, validate the byte length of string input before calling `StringM::from str`, or construct `StringM` values via `StringM::try from(s.as bytes().to vec())` to correctly enforce the length constraint.

**Name of the Vulnerable Software and Affected Versions** soroban-sdk versions 22.0.9 through 25.0.1 soroban-sdk version 23.5.1 soroban-sdk version 25.0.2 **Description** The `soroban-sdk` contains an arithmetic overflow issue in the `Bytes::slice`, `Vec::slice`, and `Prng::gen range` (for `u64`) methods. When compiled with `overflow-checks = false`, these functions can silently wrap on boundary values, leading to incorrect data ranges or unintended random number generation, potentially corrupting contract state. The issue occurs when user-controlled or computed range bounds are passed to these methods. The best practice is to enable `overflow-checks = true` during contract development, which is encouraged by the `stellar contract init` tool. The fix replaces bare arithmetic with `checked add` and `checked sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. **Recommendations** soroban-sdk versions 22.0.9 through 25.0.1: Configure contract workspaces with a profile to enable overflow checks, setting `overflow-checks = true`. soroban-sdk version 23.5.1: Configure contract workspaces with a profile to enable overflow checks, setting `overflow-checks = true`. soroban-sdk version 25.0.2: Configure contract workspaces with a profile to enable overflow checks, setting `overflow-checks = true`. Alternatively, validate range bounds before passing them to `slice` or `gen range` to prevent overflows. Do not pass `Bound::Excluded(u32::MAX)` or `Bound::Included(u32::MAX)` to `Bytes::slice` or `Vec::slice`. Do not pass `Bound::Excluded(u64::MAX)` as a start bound or `Bound::Excluded(0)` as an end bound to `Prng::gen range::<u64>`.

**Name of the Vulnerable Software and Affected Versions** js-stellar-sdk versions prior to 8.2.3 **Description** The `Utils.readChallengeTx` function in js-stellar-sdk does not verify that the server has signed the transaction, despite its documentation stating that it does. This issue affects applications that use `Utils.readChallengeTx` without also using `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners`, which do verify the server's signature. The function is used in SEP-10 Stellar Web Authentication to read and validate challenge transactions. **Recommendations** For js-stellar-sdk versions prior to 8.2.3, update to version 8.2.3 to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction. As a temporary workaround, consider using `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures, including the server signature, on the challenge transaction.