Soroban version

Description

Using an old version of Soroban can be dangerous, as it may have bugs or security issues. Use the latest version available.

Exploit Scenario

Consider the following Cargo.toml:

    [dependencies]
    soroban-sdk = { version = "=19.0.0" }

    [dev-dependencies]
    soroban-sdk = { version = "=19.0.0", features = ["testutils"] }

The `=19.0.0` requirement pins `soroban-sdk` to exactly that release, so problems can arise if it is not updated to the latest version available.

The vulnerable code example can be found here.

Remediation

    [dependencies]
    # Use the latest version available.
    soroban-sdk = { workspace = true }

    [dev-dependencies]
    soroban-sdk = { workspace = true, features = ["testutils"] }

The remediated code example can be found here.
