CVE-2026-40583

Name of the Vulnerable Software and Affected Versions UltraDAG version 0.1

Description A non-council attacker can submit a signed 'SmartOp::Vote' transaction that successfully passes signature, nonce, and balance prechecks. However, the authorization check fails only after state mutation has already occurred, potentially allowing unauthorized state changes.

Recommendations Update UltraDAG to a version where authorization checks for 'SmartOp::Vote' transactions are performed before state mutation.