CVE-2023-34458

Name of the Vulnerable Software and Affected Versions mx-chain-go versions prior to 1.4.17

Description The issue occurs when executing a relayed transaction in mx-chain-go, the official implementation of the MultiversX blockchain protocol. If the inner transaction fails, it increases the inner transaction's sender account nonce, potentially contributing to a limited Denial of Service (DoS) attack on a targeted account. This is a strict processing issue that happens while validating blocks on a chain.

Recommendations For versions prior to 1.4.17, update to version 1.4.17 or later to resolve the issue. As a temporary workaround, consider restricting the use of relayed transactions until the update is applied. Avoid using the RelayedNonceFixEnableEpoch flag in versions prior to 1.4.17, as it is not applicable.