blockmason credit-protocol UCAC CreditProtocol.sol executeUcacTx denial of service
Description
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability in the `executeUcacTx` function of blockmason's credit-protocol allows unauthenticated attackers to block legitimate UCAC transactions.
Vulnerability
The vulnerability resides in the executeUcacTx function of the contracts/CreditProtocol.sol file, part of the UCAC Handler component. This function is inexpensive and unauthenticated, and it increments the transaction counter for a UCAC without performing an actual transaction, up to that UCAC's transaction limit. The product does not use versioning, and affected versions are unsupported. The patch changes the function visibility from public to private [2].
Exploitation
An attacker can call executeUcacTx repeatedly without any authentication, continuously increasing the transaction counter and preventing legitimate transactions from being processed. The attack can be maintained indefinitely. The cost to perform the attack depends on the amount of tokens staked in the UCAC; fewer staked tokens make the attack cheaper [1].
Impact
Successful exploitation results in a denial of service (DoS) on a UCAC, blocking legitimate transactions. This may incentivize stakeholders to unstake their tokens, further reducing the cost of the attack [1].
Mitigation
The fix is commit 082e01f18707ef995e80ebe97fcedb229a55efc5, which changes executeUcacTx to private [2]. The repository was archived in July 2019 and is no longer supported. Users should apply the patch or migrate away from the unsupported product. No complete workaround is provided; staking more tokens increases attack cost but does not eliminate the vulnerability [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
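A check for the Mitigation section above, added here as an example (it is not code from the credit-protocol repository or from the advisory): it reads Solidity source and reports the declared visibility of `executeUcacTx`, treating an omitted specifier as `public`, which is the default in Solidity before 0.5.0. The sample contracts, the `ucacId` parameter and the helper names are constructed for illustration.

```python
import re

VISIBILITIES = ("public", "external", "internal", "private")
SAFE = {"private", "internal"}  # not callable from outside the contract

def strip_comments(src):
    """Drop /* */ and // comments so words inside them are not mistaken for
    specifiers (simplification: string literals containing // are not handled)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def function_visibility(src, name):
    """Declared visibility of function `name`; 'public' when the specifier is
    omitted (pre-0.5.0 default); None when the function is not found."""
    pattern = r"\bfunction\s+" + re.escape(name) + r"\s*\(([^)]*)\)([^{;]*)[{;]"
    m = re.search(pattern, strip_comments(src))
    if m is None:
        return None
    for vis in VISIBILITIES:
        if re.search(r"\b" + vis + r"\b", m.group(2)):
            return vis
    return "public"

def is_exposed(src, name="executeUcacTx"):
    """True when `name` exists and can be called from outside the contract."""
    vis = function_visibility(src, name)
    return vis is not None and vis not in SAFE

# Constructed samples (hypothetical signature, body elided), not the project's source.
BEFORE = """
contract CreditProtocol {
    function executeUcacTx(bytes32 ucacId) public {
        /* counter update elided */
    }
}
"""
AFTER = BEFORE.replace(") public {", ") private {")
NO_SPECIFIER = BEFORE.replace(") public {", ") {")
MULTILINE = """
contract CreditProtocol {
    function executeUcacTx(
        bytes32 ucacId
    )
        // was public before the fix
        private
    { }
}
"""

if __name__ == "__main__":
    for label, src in [("before", BEFORE), ("after", AFTER),
                       ("no specifier", NO_SPECIFIER), ("multiline", MULTILINE)]:
        print(label, function_visibility(src, "executeUcacTx"), is_exposed(src))
```
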
Affected products
- blockmason/credit-protocol v5, Range: n/a
References
- github.com/blockmason/credit-protocol/commit/082e01f18707ef995e80ebe97fcedb229a55efc5 (mitre, patch)
- github.com/blockmason/credit-protocol/pull/33 (mitre, issue-tracking)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry, technical-description)