This page collects WhisperX intelligence signals tagged #soroban. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical Day-1 security vulnerability has been identified in multiple Soroban smart contracts, exposing the entire protocol to immediate administrative takeover. The `initialize` functions within the Arena, Factory, and Payout contracts are publicly callable by any address. This design flaw allows any observer of the...
A critical security and performance flaw has been identified in a Soroban smart contract's payout function. The `distribute_winnings()` method stores each payout record directly in the contract's **instance storage**, a design choice that leads to unbounded growth and threatens the contract's long-term viability. Insta...
A critical security vulnerability has been identified in a Soroban smart contract, allowing an attacker to bypass authorization checks and potentially trigger unauthorized fund distributions. The flaw resides in the `distribute_winnings()` function within the `payout` contract, where a logic error in the sequence of ch...
A critical vulnerability in the Soroban HTLC smart contract risks the permanent loss of user funds due to a fundamental flaw in how storage entries are managed. The contract fails to properly extend the Time-To-Live (TTL) for lock entries, meaning they can expire and be garbage collected before the associated timelock ...
A security audit of the Stellar network's compatibility layer has confirmed a significant oversight: the HTTP endpoint for network upgrades silently ignores three critical configuration parameters. The `/upgrades?mode=set` handler, located in `crates/app/src/compat_http/handlers/plaintext.rs`, parses only six parameter...
Nine production smart contracts built on the Soroban platform have been identified as operating without a completed formal security audit, according to internal project documentation. The gap has prompted a structured preparation effort aimed at readying the codebase for third-party review. No timeline for the audit it...
A critical access control vulnerability has been identified in the Solar Grid smart contract deployed on Soroban, raising serious concerns about the security of administrative functions. The `initialize` function in `contracts/solar_grid/src/lib.rs` contains no authentication mechanism, allowing any external account to...
A critical authentication bypass vulnerability has been identified in the `flag_suspicious` function within the fraud-prevention module of a Soroban smart contract deployment. The flaw, documented in `contracts/fraud-prevention/src/lib.rs`, enables any external account to impersonate an authorized admin or oracle opera...