TOB-FUEL-37: Ethabi dependency is no longer maintained #1332
Labels
audit-report
Somehow related to the audit report
Comments
|
We've upgraded the As mentioned in the description, it doesn't affect us because we don't have a server part. So the problem is not super relevant. But we will keep this issue open for now to track the upgrade to the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The ethabi dependency is no longer maintained. More details on 4. of September 2023.
Because the Fuel system does not have server components which parse user provided ABI specifications, this does not pose a security risk to Fuel.
Recommendations
Short term, upgrade ethabi as soon as a fixed version is released.
Long term, consider switching to an alternative library like ethers-rs. Note that the current version of ethers-rs is also vulnerable to the same bug as ethabi, so make sure to update the library if fixes are released.
The text was updated successfully, but these errors were encountered: