AIKIDO-2026-10062

ethereum_ssz_derive is vulnerable to Improper Neutralization of Trailing Special Elements

Improper Neutralization of Trailing Special Elements Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.

71

High Risk

This Affects:

Rust: ethereum_ssz_derive
0.5.0 - 0.10.0
Fixed in 0.10.1

TL;DR

Affected versions of this package contain an SSZ deserialization flaw in the Option<T> type: trailing bytes are not validated. When decoding an Option<T> with the 'None' selector (0x00), the implementation correctly returns None but does not enforce that the remaining payload is zero-length, so arbitrary extra 'dirty' bytes are accepted and ignored during deserialization. An attacker could craft multiple different byte sequences that all decode to the same logical None value. This can lead to critical hash mismatches, where two semantically identical objects have different Merkle tree roots, potentially disrupting network consensus and causing chain splits.
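The missing check described above, shown as an added example that is not code from ethereum_ssz_derive or from this advisory: a stand-alone model of decoding Option<u64> with the lenient behaviour beside a strict form. The 0x01 selector for Some, the function names and the sample bytes are assumptions made for illustration.

```rust
// Added example: stand-alone model of SSZ Option<u64> decoding.
// Not the ethereum_ssz_derive source; all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum DecodeError { Empty, BadSelector(u8), BadLength(usize), TrailingBytes(usize) }

// SSZ uint64 is exactly 8 little-endian bytes.
fn decode_u64(body: &[u8]) -> Result<u64, DecodeError> {
    if body.len() != 8 { return Err(DecodeError::BadLength(body.len())); }
    let mut raw = [0u8; 8];
    raw.copy_from_slice(body);
    Ok(u64::from_le_bytes(raw))
}

// Behaviour the advisory describes: selector 0x00 yields None, body never checked.
pub fn decode_lenient(bytes: &[u8]) -> Result<Option<u64>, DecodeError> {
    let (&selector, body) = bytes.split_first().ok_or(DecodeError::Empty)?;
    match selector {
        0x00 => Ok(None), // trailing bytes silently ignored
        0x01 => decode_u64(body).map(Some), // assumed selector for Some
        other => Err(DecodeError::BadSelector(other)),
    }
}

// Hardened form: a None selector must be followed by a zero-length payload.
pub fn decode_strict(bytes: &[u8]) -> Result<Option<u64>, DecodeError> {
    let (&selector, body) = bytes.split_first().ok_or(DecodeError::Empty)?;
    match selector {
        0x00 if body.is_empty() => Ok(None),
        0x00 => Err(DecodeError::TrailingBytes(body.len())),
        0x01 => decode_u64(body).map(Some),
        other => Err(DecodeError::BadSelector(other)),
    }
}

pub fn encode(value: Option<u64>) -> Vec<u8> {
    match value {
        None => vec![0x00],
        Some(v) => [&[0x01u8][..], &v.to_le_bytes()[..]].concat(),
    }
}

// Round-trip check: input is canonical only if re-encoding the decoded
// value reproduces exactly the same bytes.
pub fn is_canonical(bytes: &[u8]) -> bool {
    decode_lenient(bytes).map(|v| encode(v) == bytes).unwrap_or(false)
}

fn main() {
    let dirty = [0x00, 0xde, 0xad]; // constructed sample: None selector + 2 extra bytes
    println!("{:?} {:?} {}", decode_lenient(&dirty), decode_strict(&dirty), is_canonical(&dirty));
}
```

The round-trip check in is_canonical is a general way to detect non-canonical encodings at a trust boundary, independent of which field carries the extra bytes.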

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

ethereum_ssz_derive is vulnerable to Improper Neutralization of Trailing Special Elements in versions 0.5.0 - 0.10.0.

How to fix this

Upgrade the ethereum_ssz_derive library to a patched version (fixed in 0.10.1).