Torres-Ssf

#53067 of 53,633
3.1 Total CVSS
Vulnerabilities · 1
PT-2024-29653
3.1
2024-07-30
Fuels-Ts · Fuels-Ts · CVE-2024-41945
**Name of the Vulnerable Software and Affected Versions**

fuels-ts (affected versions not specified)

**Description**

The TypeScript SDK has no awareness of to-be-spent transactions, causing some transactions to fail or silently get pruned because they are funded with already used UTXOs. This happens because the `fund` function in `fuels-ts/packages/account/src/account.ts` fetches the needed resources statelessly via `getResourcesToSpend`, without taking already used UTXOs into consideration. This can lead to unexpected SDK behavior, such as a transaction not getting included in the `txpool`, or a previous transaction silently getting removed from the `txpool` and replaced with a new one.

**Recommendations**

To resolve this issue, it is recommended to add a buffer to the `Account` class in which retrieved `resources` are saved. These can then be passed to `getResourcesToSpend` so that they are excluded from future queries. They must be removed from the buffer if their respective transaction fails to be included, so that those `resources` can be used again in such cases. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
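The recommended buffer, sketched as an added example (not code from fuels-ts or from the advisory). `ResourceBuffer`, the `Utxo` shape, the sample data and the simplified `getResourcesToSpend` and `fund` below are hypothetical stand-ins that only model the reserve, exclude and release behaviour described above.

```typescript
// Added illustration: hypothetical types and helpers, not the fuels-ts API.
interface Utxo { id: string; amount: number; }

// Constructed sample state: three unspent outputs as the node would report them.
const SAMPLE_CHAIN: Utxo[] = [
  { id: "utxo-a", amount: 5 },
  { id: "utxo-b", amount: 5 },
  { id: "utxo-c", amount: 5 },
];

// Stand-in for the stateless node query: picks UTXOs covering `amount`,
// skipping every id listed in `excluded`.
function getResourcesToSpend(chain: Utxo[], amount: number, excluded: string[]): Utxo[] {
  const picked: Utxo[] = [];
  let total = 0;
  for (const utxo of chain) {
    if (total >= amount) break;
    if (excluded.indexOf(utxo.id) !== -1) continue;
    picked.push(utxo);
    total += utxo.amount;
  }
  if (total < amount) throw new Error("insufficient unreserved resources");
  return picked;
}

class ResourceBuffer {
  // UTXO id -> id of the pending transaction that reserved it.
  private reserved: Record<string, string> = {};

  excludedIds(): string[] { return Object.keys(this.reserved); }

  reserve(txId: string, utxos: Utxo[]): void {
    utxos.forEach((u) => { this.reserved[u.id] = txId; });
  }

  // Call when a transaction fails to be included, so its inputs can be reused.
  release(txId: string): void {
    Object.keys(this.reserved).forEach((id) => {
      if (this.reserved[id] === txId) delete this.reserved[id];
    });
  }
}

// Funding that consults the buffer first, then records what it handed out.
function fund(chain: Utxo[], buf: ResourceBuffer, txId: string, amount: number): string[] {
  const utxos = getResourcesToSpend(chain, amount, buf.excludedIds());
  buf.reserve(txId, utxos);
  return utxos.map((u) => u.id);
}
```

Without the buffer, two consecutive calls to `getResourcesToSpend` with an empty exclusion list return the same UTXO, which is the double-funding condition the advisory describes.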