PT-2025-47978 · Unknown · Inside Track / Entropy Derby
Published: 2025-11-25 · Updated: 2025-11-30 · CVE-2025-65951
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Inside Track / Entropy Derby versions prior to commit 2d38d2f
Description
The VDF-based timelock encryption system in Inside Track / Entropy Derby fails to enforce sequential delay against the betting operator. This allows bettors to pre-compute the entire Wesolowski VDF and include the vdfOutputHex in their encrypted bet ticket, enabling the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. The issue was addressed with commit 2d38d2f.
Recommendations
Update to commit 2d38d2f or later to resolve this issue.
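The description turns on the gap between evaluating a Wesolowski VDF and verifying its proof. The sketch below is an added example, not code from Inside Track / Entropy Derby: it counts the sequential squarings each side performs when a ticket carries the output. The modulus, delay parameter and the `challenge` and `proof` field names are constructed assumptions; only `vdfOutputHex` is taken from the advisory.

```python
import hashlib

# Constructed toy parameters (assumptions, far too small to be secure).
N = 1000003 * 1000033  # toy modulus; a real deployment uses a group of unknown order
T = 1 << 14            # delay parameter: number of sequential squarings

def hash_to_prime(x, y):
    """Fiat-Shamir challenge: hash (x, y) to an odd integer, step up to a prime."""
    h = max(3, int.from_bytes(hashlib.sha256(f"{x}|{y}".encode()).digest()[:3], "big") | 1)
    while any(h % d == 0 for d in range(3, int(h ** 0.5) + 1, 2)):
        h += 2
    return h

def evaluate(x):
    """Slow path: y = x^(2^T) mod N by T squarings, each needing the previous result."""
    y, squarings = x % N, 0
    for _ in range(T):
        y, squarings = y * y % N, squarings + 1
    return y, squarings

def prove(x, y):
    """Wesolowski proof pi = x^floor(2^T / l) mod N, produced by whoever ran evaluate()."""
    return pow(x, (1 << T) // hash_to_prime(x, y), N)

def verify(x, y, pi):
    """Fast path: two short exponentiations, since 2^T = q*l + r gives pi^l * x^r = y."""
    l = hash_to_prime(x, y)
    return pow(pi, l, N) * pow(x, pow(2, T, l), N) % N == y

def open_ticket(ticket):
    """Model of the recipient: returns (vdf_output, squarings_performed).
    'challenge' and 'proof' are hypothetical field names; 'vdfOutputHex' is from the advisory."""
    x = ticket["challenge"]
    if "vdfOutputHex" in ticket:
        y = int(ticket["vdfOutputHex"], 16)
        if verify(x, y, ticket["proof"]):
            return y, 0          # output accepted without waiting out the delay
    return evaluate(x)           # only this path costs T sequential steps

if __name__ == "__main__":
    y, cost = evaluate(5)
    ticket = {"challenge": 5, "vdfOutputHex": format(y, "x"), "proof": prove(5, y)}
    print("sender cost:", cost, "squarings")
    print("recipient cost with output in ticket:", open_ticket(ticket)[1])
    print("recipient cost without it:", open_ticket({"challenge": 5})[1])
```

A timelock only binds a party who has to take the `evaluate` path; any design review of such a scheme should confirm that the party being delayed never receives the output alongside the ciphertext.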
Use of a Broken Cryptographic Algorithm
Information Disclosure
Affected Products
Inside Track / Entropy Derby