VYPR
Low severity3.1OSV Advisory· Published Jul 30, 2024· Updated Jun 17, 2026

CVE-2024-41945

CVE-2024-41945

Description

fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the fund function in fuels-ts/packages/account/src/account.ts gets the needed ressources statelessly with the function getResourcesToSpend without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the txpool / in a block or a previous transaction silently getting removed from the txpool and replaced with a new one.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@fuel-ts/accountnpm
< 0.93.00.93.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.