@argonprotocol/mainchain is vulnerable to Allocation of Resources Without Limits or Throttling
20
Low Risk
Affected versions of this package have a non-configurable RPC rate limit in the notary component, which can allow excessive or uncontrolled request handling under certain deployments. If the rate limit is disabled, improperly configured, or set too high, an attacker could repeatedly send large volumes of RPC requests to the notary service, thereby exhausting CPU, memory, or network resources. This behavior may lead to service degradation or denial of service (DoS), potentially preventing legitimate clients from interacting with the notary infrastructure. Configurable rate limiting helps enforce request throttling and mitigate abuse of the RPC interface.
You are affected if you are using a version that falls within the vulnerable range.
@argonprotocol/mainchain is vulnerable to Allocation of Resources Without Limits or Throttling in versions 0.0.2 - 1.3.27.
Upgrade the @argonprotocol/mainchain library to the patched version.