fuel-core

TOB-FUEL-37: Ethabi dependency is no longer maintained

Open xgreenx opened this issue 1 year ago • 1 comments

Description

The ethabi dependency is no longer maintained. More details on 4. of September 2023.

Because the Fuel system does not have server components that parse user-provided ABI specifications, this does not pose a security risk to Fuel.

Recommendations

Short term, upgrade ethabi as soon as a fixed version is released. Long term, consider switching to an alternative library like ethers-rs. Note that the current version of ethers-rs is also vulnerable to the same bug as ethabi, so make sure to update the library if fixes are released.

xgreenx, Aug 29 '23 11:08

We've upgraded fuel-core to use ethers 2 in https://github.com/FuelLabs/fuel-core/pull/1390. But the problem is still present there.

As mentioned in the description, it doesn't affect us because we don't have a server part. So the problem is not super relevant. But we will keep this issue open for now to track the upgrade of ethers when the fix is available.

xgreenx, Oct 11 '23 22:10