1. Soroban SDK Security Flaw: Malicious RPC Can Reorder Contract Call Arguments via Fetched ABI
A critical security vulnerability has been identified in the Soroban SDK's contract client, where the system implicitly trusts the Application Binary Interface (ABI) fetched from a remote RPC endpoint. The flaw resides in the `Client.from()` and `Client.fromWasmHash()` methods, which retrieve WASM code from a configure...