CVE-2022-36447 - Vulnerability Details - OpenCVE

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chia	Network Cat1 Standard

Configuration 1 [-]

cpe:2.3:a:chia:network_cat1_standard:1.0.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://chia.net
https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-29T20:32:20

Updated: 2024-08-03T10:07:34.111Z

Reserved: 2022-07-25T00:00:00

Link: CVE-2022-36447

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-29T21:15:09.607

Modified: 2024-11-21T07:13:01.960

Link: CVE-2022-36447

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T20:32:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chia.net"}, {"tags": ["x_refsource_MISC"], "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36447", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://chia.net", "refsource": "MISC", "url": "https://chia.net"}, {"name": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html", "refsource": "MISC", "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:07:34.111Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chia.net"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36447", "datePublished": "2022-07-29T20:32:20", "dateReserved": "2022-07-25T00:00:00", "dateUpdated": "2024-08-03T10:07:34.111Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chia:network_cat1_standard:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "061654C9-9A97-4DC1-B4C5-DDC3DA24226A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious."}, {"lang": "es", "value": "Se ha detectado un problema de inflaci\u00f3n en Chia Network CAT1 Standard versi\u00f3n 1.0.0. Los tokens acu\u00f1ados previamente en la blockchain de Chia usando el est\u00e1ndar CAT1 pueden ser inflados de forma arbitraria por cualquier poseedor de cualquier cantidad del token. La cantidad total del token puede incrementarse tanto como le plazca al actor malicioso. Esto es determinado para cada CAT1 en la cadena de bloques de Chia, independientemente de las normas de emisi\u00f3n. Este ataque es auditable en la cadena, por lo que las monedas alteradas maliciosamente pueden ser marcadas como maliciosas por los observadores fuera de la cadena"}], "id": "CVE-2022-36447", "lastModified": "2024-11-21T07:13:01.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-29T21:15:09.607", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://chia.net"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://chia.net"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.chia.net/2022/07/25/upgrading-the-cat-standard.en.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}