Leighmcculloh

PT-2026-25089 · CVSS 5.3 · 2026-03-12
Git · Rs-Soroban-Sdk · CVE-2026-32322
**Name of the Vulnerable Software and Affected Versions**

soroban-sdk versions 22.0.11 through 23.5.3 and 25.3.0

**Description**

The soroban-sdk, a Rust SDK for Soroban contracts, had an issue where the `Fr` (scalar field) types for BN254 and BLS12-381 compared values using their raw `U256` representation without first reducing modulo the field modulus `r`. As a result, mathematically equal field elements compared as not-equal when one or both values were unreduced (i.e., greater than or equal to `r`). Exploitation requires an attacker to supply crafted `Fr` values through contract inputs that the contract then compares directly rather than through host-side arithmetic operations. Smart contracts relying on `Fr` equality checks for security-critical logic could produce incorrect results, potentially leading to incorrect authorization decisions or validation bypasses when performing equality checks on user-supplied scalar values.

The `Fr` types are wrappers around `U256`, and the `PartialEq` implementation compared the raw `U256` values directly. Constructors accepted arbitrary `U256` values without reducing them modulo `r`, so two `Fr` values representing the same field element could have different internal representations and compare as not-equal.

**Recommendations**

Upgrade to version 22.0.11, 23.5.3, or 25.3.0 of soroban-sdk. Review any deployed contracts that accept `Fr` values as input and compare those values using `==`, `!=`, or `assert_eq!`. These contracts may be vulnerable if an attacker can supply unreduced scalar values to bypass equality checks.
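The comparison defect described above, as an added illustration in Rust that is not soroban-sdk code: `u128` stands in for `U256` and a small Mersenne prime stands in for the real modulus `r` (both assumptions, so the block runs stand-alone). `FrRaw` reproduces the faulty derived `PartialEq` on an unreduced wrapper, `FrCanonical` reduces on construction so equality is sound, and `is_reduced` is the kind of input check a contract can apply to a user-supplied scalar before comparing it.

```rust
// Illustration only; `R` is a toy modulus, not the BN254 / BLS12-381 `r`,
// and `u128` stands in for the SDK's `U256` type.
pub const R: u128 = (1u128 << 61) - 1; // 2^61 - 1, a Mersenne prime (assumption)

/// Mirrors the vulnerable pattern: the wrapper keeps whatever value it is
/// given, and the derived `PartialEq` compares that raw representation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct FrRaw(pub u128);

impl FrRaw {
    /// Constructor accepts arbitrary values without reducing modulo `r`.
    pub fn from_u128(v: u128) -> Self {
        FrRaw(v)
    }
}

/// Hardened version: every value is reduced on construction, so the stored
/// representation is canonical and derived equality matches field equality.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct FrCanonical(u128);

impl FrCanonical {
    pub fn from_u128(v: u128) -> Self {
        FrCanonical(v % R)
    }
    pub fn to_u128(self) -> u128 {
        self.0
    }
}

/// Compares the same pair of inputs through both wrappers and returns
/// (raw_equal, canonical_equal) so the two behaviours sit side by side.
pub fn compare_both(a: u128, b: u128) -> (bool, bool) {
    let raw = FrRaw::from_u128(a) == FrRaw::from_u128(b);
    let canon = FrCanonical::from_u128(a) == FrCanonical::from_u128(b);
    (raw, canon)
}

/// Defensive input check: a scalar that is not already below `r` is rejected
/// before any equality check is performed on it.
pub fn is_reduced(v: u128) -> bool {
    v < R
}

fn main() {
    let x = 12345u128;
    let unreduced = x + R; // same field element, different representation
    println!("raw / canonical equality: {:?}", compare_both(x, unreduced));
    println!("unreduced input passes is_reduced? {}", is_reduced(unreduced));
}
```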