Unknown · Bsv-Ruby-Sdk · CVE-2026-40069
**Name of the Vulnerable Software and Affected Versions**
BSV Ruby SDK versions 0.1.0 through 0.8.1
**Description**
The BSV Ruby SDK's ARC broadcaster incorrectly treats certain failure statuses from the ARC endpoint as successful broadcasts. Specifically, responses with a `txStatus` of `INVALID`, `MALFORMED`, or `MINED IN STALE BLOCK`, or with `ORPHAN` appearing in `extraInfo` or `txStatus`, are not recognized as failures. The issue stems from a narrow failure predicate in the `BSV::Network::ARC` module. Callers receive a success response for broadcasts that were actually rejected, which can lead applications to trust transactions that were not accepted by the network. The impact is on integrity. In addition, the broadcaster sends `Content-Type` as `application/octet-stream` instead of `application/json`, and does not send the `XDeployment-ID`, `X-CallbackUrl`, and `X-CallbackToken` headers.
**Recommendations**
Upgrade to BSV Ruby SDK version 0.8.2 or later. This version expands the failure predicate to correctly identify and handle the aforementioned failure statuses.
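
A caller-side, fail-closed check over the failure statuses named in the description, run on a raw ARC response body. This is an added example, not the SDK's code or its 0.8.2 fix. `ArcResponseGuard`, `classify` and the sample bodies are hypothetical, and both the underscore normalization and the rejection of bodies without a readable `txStatus` are assumptions.

```ruby
require 'json'

# Hypothetical caller-side guard; not part of the BSV Ruby SDK.
module ArcResponseGuard
  # Only the failure statuses named in the advisory, in normalized form.
  # Other failure statuses an endpoint may return are not covered here.
  REJECTED_STATUSES = ['INVALID', 'MALFORMED', 'MINED IN STALE BLOCK'].freeze

  Verdict = Struct.new(:accepted, :reason)

  # Upper-case and map underscores to spaces so either spelling of a
  # multi-word status matches (assumption about the wire form).
  def self.normalize(value)
    value.to_s.upcase.tr('_', ' ').strip
  end

  # Classify a raw response body. Fails closed: a body that cannot be read
  # as a JSON object with a txStatus is reported as not accepted.
  def self.classify(body)
    data = begin
      JSON.parse(body.to_s)
    rescue JSON::ParserError
      return Verdict.new(false, 'unparseable body')
    end
    return Verdict.new(false, 'not a JSON object') unless data.is_a?(Hash)

    status = normalize(data['txStatus'])
    extra = normalize(data['extraInfo'])
    return Verdict.new(false, 'missing txStatus') if status.empty?
    return Verdict.new(false, "txStatus #{status}") if REJECTED_STATUSES.include?(status)
    return Verdict.new(false, 'orphan reported') if status.include?('ORPHAN') || extra.include?('ORPHAN')

    Verdict.new(true, status)
  end
end

# Constructed sample bodies, not captured from a real endpoint.
SAMPLES = [
  '{"txStatus":"SEEN_ON_NETWORK","extraInfo":""}',
  '{"txStatus":"INVALID","extraInfo":""}',
  '{"txStatus":"MINED_IN_STALE_BLOCK"}',
  '{"txStatus":"SEEN_ON_NETWORK","extraInfo":"orphan parent"}',
  '<html>502 Bad Gateway</html>'
].freeze

SAMPLES.each do |body|
  verdict = ArcResponseGuard.classify(body)
  puts format('%-8s %-22s %s', verdict.accepted ? 'accept' : 'REJECT', verdict.reason, body)
end
```
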