CVE-2022-36447 - OpenCVE

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Chia	Network Cat1 Standard

Configuration 1 [-]

cpe:2.3:a:chia:network_cat1_standard:1.0.0:*:*:*:*:*:*:*

References

Link	Resource
https://chia.net	Vendor Advisory
https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-29T20:32:20

Updated: 2022-07-29T20:32:20

Reserved: 2022-07-25T00:00:00

Link: CVE-2022-36447

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-29T21:15:09.607

Modified: 2022-08-10T13:14:42.803

Link: CVE-2022-36447

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T20:32:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chia.net"}, {"tags": ["x_refsource_MISC"], "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36447", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://chia.net", "refsource": "MISC", "url": "https://chia.net"}, {"name": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html", "refsource": "MISC", "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36447", "datePublished": "2022-07-29T20:32:20", "dateReserved": "2022-07-25T00:00:00", "dateUpdated": "2022-07-29T20:32:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chia:network_cat1_standard:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "061654C9-9A97-4DC1-B4C5-DDC3DA24226A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}, {"lang": "es", "value": "Se ha detectado un problema de inflaci\u00f3n en Chia Network CAT1 Standard versi\u00f3n 1.0.0. Los tokens acu\u00f1ados previamente en la blockchain de Chia usando el est\u00e1ndar CAT1 pueden ser inflados de forma arbitraria por cualquier poseedor de cualquier cantidad del token. La cantidad total del token puede incrementarse tanto como le plazca al actor malicioso. Esto es determinado para cada CAT1 en la cadena de bloques de Chia, independientemente de las normas de emisi\u00f3n. Este ataque es auditable en la cadena, por lo que las monedas alteradas maliciosamente pueden ser marcadas como maliciosas por los observadores fuera de la cadena"}], "id": "CVE-2022-36447", "lastModified": "2022-08-10T13:14:42.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-29T21:15:09.607", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://chia.net"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}