Unknown · Go-Merkledag · CVE-2022-23495
**Name of the Vulnerable Software and Affected Versions**
go-merkledag versions prior to 0.8.1
**Description**
A `ProtoNode` may be modified in such a way as to cause various encode errors, which will trigger a panic on common method calls that don't allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB; attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Because those methods conform to interfaces that cannot return an error, they panic instead. Additionally, use of the `ProtoNode.SetCidBuilder()` method to set a non-functioning `CidBuilder` may cause the same methods to panic, as a new CID is required but cannot be created.
**Recommendations**
To resolve the issue, upgrade to version 0.8.1 for a complete set of fixes.
For users unable to upgrade, consider sanitising inputs when allowing user input to set a new `CidBuilder` on a `ProtoNode`, and sanitising `Tsize` (`Link#Size`) values derived from user input so that they are a reasonable byte size for their sub-DAGs.
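The following is an added example illustrating the two workarounds above together with the failure mode the description names (a method that cannot return an error, so it panics). It is not code from go-merkledag or the advisory: `LinkInput`, `CidBuilder`, `sha256Builder`, `brokenBuilder`, `MaxSubDAGBytes`, `SanitizeLinks`, `ProbeCidBuilder` and `CallWithRecover` are all constructed stand-ins using only the Go standard library, and the `2^48` cap is an assumed, deliberately generous bound rather than a value from the project.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"math"
)

// LinkInput is a constructed stand-in for a DAG-PB link carrying a
// user-supplied Tsize (the Link#Size field). It is not the go-merkledag type.
type LinkInput struct {
	Name  string
	Tsize uint64
}

// CidBuilder is a hypothetical minimal builder interface: it turns node bytes
// into an identifier or reports an error. It stands in for cid.Builder.
type CidBuilder interface {
	Sum(data []byte) (string, error)
}

// sha256Builder is a working builder used as the "known good" case.
type sha256Builder struct{}

func (sha256Builder) Sum(data []byte) (string, error) {
	h := sha256.Sum256(data)
	return hex.EncodeToString(h[:]), nil
}

// brokenBuilder models a non-functioning builder that user input selected.
type brokenBuilder struct{}

func (brokenBuilder) Sum([]byte) (string, error) {
	return "", errors.New("unsupported hash function")
}

// MaxSubDAGBytes caps a single Tsize value. 2^48 is an assumed bound chosen to
// be far above any realistic sub-DAG while still leaving headroom in uint64.
const MaxSubDAGBytes uint64 = 1 << 48

// SanitizeLinks rejects Tsize values that are not plausible byte sizes for a
// sub-DAG and refuses a link set whose cumulative size would overflow uint64.
// It returns the total size of the accepted links.
func SanitizeLinks(links []LinkInput) (uint64, error) {
	var total uint64
	for i, l := range links {
		if l.Tsize > MaxSubDAGBytes {
			return 0, fmt.Errorf("link %d (%q): Tsize %d exceeds %d", i, l.Name, l.Tsize, MaxSubDAGBytes)
		}
		if total > math.MaxUint64-l.Tsize {
			return 0, fmt.Errorf("link %d (%q): cumulative size overflows uint64", i, l.Name)
		}
		total += l.Tsize
	}
	return total, nil
}

// ProbeCidBuilder exercises a builder on a fixed probe payload before it is
// installed on a node, so a non-functioning builder is caught at the boundary
// where an error can still be returned instead of inside a panicking method.
func ProbeCidBuilder(b CidBuilder) error {
	if b == nil {
		return errors.New("nil CidBuilder")
	}
	id, err := b.Sum([]byte("probe"))
	if err != nil {
		return fmt.Errorf("CidBuilder rejected probe payload: %w", err)
	}
	if id == "" {
		return errors.New("CidBuilder produced an empty identifier")
	}
	return nil
}

// CallWithRecover runs a method whose interface shape cannot return an error
// and converts any panic it raises into an error value for the caller.
func CallWithRecover(fn func() []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out = nil
			err = fmt.Errorf("node method panicked: %v", r)
		}
	}()
	return fn(), nil
}

func main() {
	_, err := SanitizeLinks([]LinkInput{{Name: "a", Tsize: 100}, {Name: "b", Tsize: math.MaxUint64}})
	fmt.Println("oversized Tsize rejected:", err != nil)
	fmt.Println("broken builder rejected:", ProbeCidBuilder(brokenBuilder{}) != nil)
	fmt.Println("good builder accepted:", ProbeCidBuilder(sha256Builder{}) == nil)
	_, err = CallWithRecover(func() []byte { panic("encode error: unencodeable node") })
	fmt.Println("panic converted to error:", err != nil)
}
```

`SanitizeLinks` and `ProbeCidBuilder` belong at the point where user input is accepted, before any modifier method on the node is called; `CallWithRecover` is a last-resort guard for code paths that must call a method without an error return, and it should be paired with logging so that a rejected node is visible rather than silently dropped.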