# Movement Labs Attackathon
## Reports by Severity
Critical
* \#43014 \[BC-Critical] finite Deadlock of Transactions (No Automatic Timeout + Sequential Execution) on multisig implementation
* \#43108 \[BC-Critical] Attackers can front-run transactions in celestia mempool to cause transactions of many users revert unexpectedly
* \#43110 \[BC-Critical] Validator can DoS the DA Layer by requesting a big range of blobs
* \#41987 \[BC-Critical] Oversized blocks split the chain
* \#42143 \[BC-Critical] Decompressing a maliciously crafted blob leads to shutting down all Movement DA Light Nodes in a Movement based network which using a centralized Sequencer.
* \#42749 \[BC-Critical] Attacker can send digests directly to Celestia to reorder block execution
* \#43214 \[BC-Critical] Unchecked transaction size allows malicious users to DOS honest users transactions
* \#42153 \[BC-Critical] Attackers can exploit bug in Blob Verification to execute replay attack by re-executing blobs
* \#43246 \[BC-Critical] Lack of TCP timeout allows attacker to crash the sequencer via the maptos-opt-executor service
* \#43253 \[BC-Critical] Attackers can drain TIA from nodes in networks running in sequencer mode
* \#43243 \[BC-Critical] Attacker can halt chains operating in sequencer mode
* \#43244 \[BC-Critical] Lack of TCP timeout allows attacker to crash the sequencer via the Light Node Service
* \#42233 \[BC-Critical] Critical DoS Vulnerability in Movement Network's DA Layer Due to Zstd bomb blob exploit
* \#43288 \[BC-Critical] Attackers could force Nodes to process TraAttackers could force Nodes to process Transactions in wrong order, by attacking moveRocks/sequencing implementation
* \#43290 \[BC-Critical] Anyone can send a write\_batch to the DA node, enabling a DOS attack that shuts down the network
* \#42837 \[BC-Critical] Total network shutdown
* \#43315 \[BC-Critical] DA Light Node Can Be DoSed Due to Lack of Batch Validation
* \#42298 \[BC-Critical] Blocks from Celestia are not executed in order which breaks sequencer logic and application priorities
* \#42941 \[BC-Critical] \[Critical] Network-Wide Denial of Service Through Unrecoverable Block Execution Failures
* \#41531 \[BC-Critical] Attackers can drain the sequencer’s wallet and DoS network by submitting transactions from unfunded accounts
* \#43250 \[BC-Critical] Excessive TCP timeout allows attacker to crash the sequencer via the indexer service
* \#43251 \[BC-Critical] Lack of TCP timeout allows attacker to crash the sequencer via the finality viewer service
* \#43190 \[BC-Critical] Deadlock in \`submit\_transaction()\`
* \#43330 \[BC-Critical] Freezing new transaction processing by sending invalid requests to movement DA light node
* \#41334 \[BC-Critical] Attacker can publish a blob that cannot be deserialized and shut down the movement chain
* \#43177 \[BC-Critical] DoS Vulnerability in DA Light Node via Unbounded Height Parameter
* \#41489 \[BC-Critical] Blob sizes remain unchecked leading to chain halt
* \#43114 \[BC-Critical] Attackers can cause total shutdown network by exploiting missing of blob size check in DA Lightnode
* \#42112 \[BC-Critical] Using \`blob.GetAll\` instead of \`blob.Get\` for Celestia DA opens full nodes to fraudulent block attacks
* \#42936 \[BC-Critical] Potential Deadlock or Panic Due to Concurrent Lock Acquisition in \`TransactionPipe\`
* \#43333 \[BC-Critical] Missing Depths Checks in Cached TypeLayout leads to Network Divergence
* \#41012 \[BC-Critical] Unintended Chain Split in Movement Full Node
High
* \#41794 \[BC-High] Not having any whitelisted account completely disables the prevalidator leading to transactions that cannot be deserialized
* \#41686 \[BC-High] The passthrough DA light node streams transactions instead of blocks which means that the block cannot be deserialized
* \#41878 \[BC-High] Edge-case allows replaying user transactions to fill the mempool
* \#43322 \[BC-High] Inadequate Transaction Validation in DA Light Node Allows Unprocessable Block Creation
* \#43054 \[BC-High] Malicious Light Node can DoS the Full Node
* \#43191 \[BC-High] DOS attack by sending transactions that pass the sufficient balance test when entering mempool but fail it in execution
* \#42761 \[BC-High] Memseq does not verify client-specified expiration for transactions before including them in DA (Data Availability).
* \#43241 \[BC-High] Attackers can drain TIA from nodes in networks running in passthrough mode
* \#43307 \[BC-High] Not verifying the signatures upon execution leads to direct loss of funds
* \#42011 \[BC-High] Duplicate tx IDs in blockchain blocks are possible
* \#43323 \[BC-High] Inadequate Sequence Number Validation in DA Light Node Enables Transaction Censorship
* \#43324 \[BC-High] Insufficient Validation in DA Light Node Allows Malicious Override of \`application\_priority\`
* \#41373 \[BC-High] Premature transaction acceptance to mempool/DA without signature validation
* \#42395 \[BC-High] Movement does not allow overwriting transactions with a higher priority, breaking Aptos mempool logic
* \#42903 \[BC-High] Attackers are able to submit multiple dupplicate transactions due to mismatched Mempool Implementation
* \#41516 \[BC-High] The attacker exceeds the number of transactions TOO\_NEW\_TOLERANCE and performs a DoS attack.
* \#41518 \[BC-High] The transaction to modify the gas price was not processed.
* \#42535 \[BC-High] Garbage collecting in flight transactions can lead to spiraling network delays
* \#41368 \[BC-High] JSON-RPC no batch query limitation allows really large responses | RPC server takedown
* \#42991 \[BC-High] User can reuse sequence number causing DOS & breaking core invariant
* \#41715 \[BC-High] Manipulating the Sequence Number of signed transactions to reorder them or prevent their execution
* \#41714 \[BC-High] Tampering the ID of signed transactions to prevent others from executing
* \#42762 \[BC-High] New accounts break the pipe mempool invariant that prevents duplicate transactions from filling the mempool
* \#43017 \[BC-High] Prevalidation does not validate application priority, sequence number and ID
* \#42930 \[BC-High] Users are unable to increase their gas resulting in stuck funds
* \#42896 \[BC-High] Attackers can exploit sequence\_number tolerance mechanism to to cause Movement Network DA Lightnode loose money for submitting failed blocks to Celestia
* \#43150 \[BC-High] Excessive transaction processing caused by a faulty garbage collector in transaction\_pipe.rs
* \#43136 \[BC-High] Multiple transactions sent by the same account in the same block timeframe can get stuck in the TranactionPipe core\_mempool
* \#43135 \[BC-High] \`epilogue\_gas\_payer\` Silently Drops Excess Storage Fee Refunds Under Governed Gas Pool
* \#43222 \[BC-High] A transaction with sequence number 0 can be submitted multiple times
* \#42648 \[BC-High] Altering the application\_priority to fill a block, temporary freezing user transactions
* \#41722 \[BC-High] The passthrough DA light node does not prevalidate transactions which leads to non-deserializable transactions that prevent execution
* \#42934 \[BC-High] Improper input validation in KeylessSignature causes full-node panic
* \#43229 \[BC-High] There is a bug can allows malicious data to enter the DA layer and be signed by a legitimate node
* \#42513 \[BC-High] Users might loose Storage Gas Fee Refund Due to Governed Gas Pool Feature of Movement logic bug
* \#42495 \[BC-High] The Tonic Request/Response Size Limit prevents data from being submitted to the da\_light\_node
* \#42102 \[BC-High] uncontrolled resource consumption is resulting in OOM via RPC (public one)
* \#41437 \[BC-High] An edge-case allows duplicate transactions to be added to the mempool of the sequencer
Medium
* \#42940 \[BC-Medium] Suboptimal Lock Holding During Logging in \`decrement\_transactions\_in\_flight\`
* \#41678 \[BC-Medium] Transactions directly sent to the passthrough will cause the mempool to accept more transactions than the \`inflight\_limit\`
* \#41864 \[BC-Medium] When Memseq selects a transaction from a particular user to include in a block, it does not remove transactions from Memseq that have a sequence\_number less than or equal to the t...
* \#43312 \[BC-Medium] get\_state\_proof() is called with the current version leading to the epoch\_changes of the StateProof always being empty
* \#42933 \[BC-Medium] Integer Underflow in Garbage Collection Logic of UsedSequenceNumberPool disrupting transaction processing
* \#43148 \[BC-Medium] Potential unhandled panic in protocol-units::execution::maptos::opt-executor::executor/mod::decrement\_transactions\_in\_flight
* \#42480 \[BC-Medium] Unable to deposit the gas fee into the \`governed\_gas\_pool\` when using \`deposit\_from\_fungible\_store\`
* \#41466 \[BC-Medium] Incorrect sequence number tracking in mempool commit
* \#42928 \[BC-Medium] Depositing gas fees into the governed gas pool does not work when the CoinStore is frozen
* \#43137 \[BC-Medium] Multiple Transactions from the same account with increasing sequence number and priorities will be sorted incorrectly in the block causing some to fail
* \#43255 \[BC-Medium] User Transactions might be lost due to missing Error Handling in Celestia RPC Client Requests \`blob\_submit\` failure
* \#43132 \[BC-Medium] upgrade\_burn\_percentage Resets Block Proposer, Blocking Fee Distribution
* \#41255 \[BC-Medium] Blocking sleep in async context leads to thread pool exhaustion and DoS
* \#41669 \[BC-Medium] Incorrect Gas Cost Used for BLS12381 Subgroup Check Causes \~70% Undercharge
* \#43303 \[BC-Medium] The call to \`commit\_transaction()\` includes the wrong sequence number
Low
* \#43287 \[BC-Low] Certain fees are unaccounted for causing failed transactions
* \#42557 \[BC-Low] Remote signing methods can fail which will turn off the light node block proposer
Insight
* \#41594 \[BC-Insight] Invalid URL format in TcpListener binding prevents REST API from starting
* \#43326 \[BC-Insight] Stale Transaction State in Mempool When Sender/Receiver Pipe Fails
* \#43187 \[BC-Insight] Movement Full Node Panics and Crashes Uncleanly on Connection failure with DA Light Node
* \#41023 \[BC-Insight] Incomplete transaction decrementing leading to undesired behaviour
* \#41978 \[BC-Insight] Values of the current gc\_slot can be garbage collected in edge case
* \#42938 \[BC-Insight] Inefficient Garbage Collection Implementation in \`UsedSequenceNumberPool\`
* \#43217 \[BC-Insight] Incorrect public key notification after key rotation
* \#43220 \[BC-Insight] The GC\_INTERVAL might not be fitting for the configured sequence\_number\_ttl\_ms
* \#41235 \[BC-Insight] Incorrect celestia bridge keyring flag causes network partition in data availability layer
* \#41243 \[BC-Insight] The mempool garbage collector doesn't fully execute garbage collection on each iteration
* \#42234 \[BC-Insight] Missing Match Arm in to\_single\_key\_authenticators() Allows WebAuthn Signatures Despite WEBAUTHN\_SIGNATURE Being Disabled
* \#41811 \[BC-Insight] Configuration data loss in configfile's \`try\_set\_with\_guard\` due to missing file cursor reset
* \#41731 \[BC-Insight] Race Condition in try\_to\_sign can lead to unverifiable blocks and/or blobs
* \#41618 \[BC-Insight] Timestamp unit doesn't match in GcCounter which causes premature transaction eviction
* \#41324 \[BC-Insight] Celestia auth tokens can be stolen by sniffing websocket requests
* \#43346 \[BC-Insight] Transactions arriving at the node out of sequence order will be rejected due to the has\_invalid\_sequence\_number function
* \#42925 \[BC-Insight] Transactions won't be included on Celestia when the gas price is high, and the transactions on Movement will be forgotten
* \#42430 \[BC-Insight] \`add\_mempool\_transaction()\` does not check if the transaction already exist in the mempool
* \#41560 \[BC-Insight] BlobType of BlobResponse can never be SequencedBlobBlock
* \#42895 \[BC-Insight] Misuse of error
* \#43168 \[BC-Insight] Under normal usage of the blockchain, transactions will not be persisted
* \#41985 \[BC-Insight] Using the test keyring backend is insecure
* \#41899 \[BC-Insight] NatSpec of several functions in \`ethereum.move\` is wrong
* \#42859 \[BC-Insight] Pub key format mismatch in \`InKnownSignersVerifier\`
* \#43184 \[BC-Insight] Vulnerable \`Secp256k1\` version allows validation of malformed signatures
* \#41945 \[BC-Insight] Optimization in \`to\_eip55\_checksumed\_address()\` in \`aptos\_framework::ethereum::()\` module
* \#43186 \[BC-Insight] Flawed documentation when streaming da blobs leads to confusion
* \#42939 \[BC-Insight] Transaction expiration is not validated correctly in mempool and sequencer
* \#41337 \[BC-Insight] Channel buffer size in block proposer is too low leading to network delays and resource exhaustion
* \#43038 \[BC-Insight] There is a permanent operator lockout came from an unsafe key rotation
* \#41855 \[SC-Insight] User is able to circumvent blocklist check by utilizing Solidity's implementation
* \#41980 \[BC-Insight] Full nodes panic in read-only mode whenever a transaction is sent
* \#42222 \[BC-Insight] Garbage Collector can fail to run in a timely manner if building\_time\_ms is set to a low value
* \#42937 \[BC-Insight] Public Exposure of Validator Signer Private Key in Executor Struct
* \#43267 \[BC-Insight] Potential Indefinite Hang (Denial of Service) in Full Node DA Sync Due to Missing Stream Timeout For Light Node Connection
* \#43221 \[BC-Insight] Expired transactions prevent new submissions due to delayed garbage collection
## Reports by Type
Smart Contract
* \#41855 \[SC-Insight] User is able to circumvent blocklist check by utilizing Solidity's implementation
Blockchain/DLT
* \#42940 \[BC-Medium] Suboptimal Lock Holding During Logging in \`decrement\_transactions\_in\_flight\`
* \#41794 \[BC-High] Not having any whitelisted account completely disables the prevalidator leading to transactions that cannot be deserialized
* \#41678 \[BC-Medium] Transactions directly sent to the passthrough will cause the mempool to accept more transactions than the \`inflight\_limit\`
* \#41686 \[BC-High] The passthrough DA light node streams transactions instead of blocks which means that the block cannot be deserialized
* \#43014 \[BC-Critical] finite Deadlock of Transactions (No Automatic Timeout + Sequential Execution) on multisig implementation
* \#41878 \[BC-High] Edge-case allows replaying user transactions to fill the mempool
* \#41864 \[BC-Medium] When Memseq selects a transaction from a particular user to include in a block, it does not remove transactions from Memseq that have a sequence\_number less than or equal to the t...
* \#41594 \[BC-Insight] Invalid URL format in TcpListener binding prevents REST API from starting
* \#43312 \[BC-Medium] get\_state\_proof() is called with the current version leading to the epoch\_changes of the StateProof always being empty
* \#43326 \[BC-Insight] Stale Transaction State in Mempool When Sender/Receiver Pipe Fails
* \#43108 \[BC-Critical] Attackers can front-run transactions in celestia mempool to cause transactions of many users revert unexpectedly
* \#43322 \[BC-High] Inadequate Transaction Validation in DA Light Node Allows Unprocessable Block Creation
* \#43110 \[BC-Critical] Validator can DoS the DA Layer by requesting a big range of blobs
* \#43187 \[BC-Insight] Movement Full Node Panics and Crashes Uncleanly on Connection failure with DA Light Node
* \#41023 \[BC-Insight] Incomplete transaction decrementing leading to undesired behaviour
* \#41978 \[BC-Insight] Values of the current gc\_slot can be garbage collected in edge case
* \#41987 \[BC-Critical] Oversized blocks split the chain
* \#43054 \[BC-High] Malicious Light Node can DoS the Full Node
* \#42933 \[BC-Medium] Integer Underflow in Garbage Collection Logic of UsedSequenceNumberPool disrupting transaction processing
* \#42938 \[BC-Insight] Inefficient Garbage Collection Implementation in \`UsedSequenceNumberPool\`
* \#43148 \[BC-Medium] Potential unhandled panic in protocol-units::execution::maptos::opt-executor::executor/mod::decrement\_transactions\_in\_flight
* \#42143 \[BC-Critical] Decompressing a maliciously crafted blob leads to shutting down all Movement DA Light Nodes in a Movement based network which using a centralized Sequencer.
* \#42749 \[BC-Critical] Attacker can send digests directly to Celestia to reorder block execution
* \#43191 \[BC-High] DOS attack by sending transactions that pass the sufficient balance test when entering mempool but fail it in execution
* \#43214 \[BC-Critical] Unchecked transaction size allows malicious users to DOS honest users transactions
* \#43217 \[BC-Insight] Incorrect public key notification after key rotation
* \#43220 \[BC-Insight] The GC\_INTERVAL might not be fitting for the configured sequence\_number\_ttl\_ms
* \#42761 \[BC-High] Memseq does not verify client-specified expiration for transactions before including them in DA (Data Availability).
* \#42153 \[BC-Critical] Attackers can exploit bug in Blob Verification to execute replay attack by re-executing blobs
* \#43241 \[BC-High] Attackers can drain TIA from nodes in networks running in passthrough mode
* \#41235 \[BC-Insight] Incorrect celestia bridge keyring flag causes network partition in data availability layer
* \#43246 \[BC-Critical] Lack of TCP timeout allows attacker to crash the sequencer via the maptos-opt-executor service
* \#43253 \[BC-Critical] Attackers can drain TIA from nodes in networks running in sequencer mode
* \#41243 \[BC-Insight] The mempool garbage collector doesn't fully execute garbage collection on each iteration
* \#43243 \[BC-Critical] Attacker can halt chains operating in sequencer mode
* \#43244 \[BC-Critical] Lack of TCP timeout allows attacker to crash the sequencer via the Light Node Service
* \#42233 \[BC-Critical] Critical DoS Vulnerability in Movement Network's DA Layer Due to Zstd bomb blob exploit
* \#42234 \[BC-Insight] Missing Match Arm in to\_single\_key\_authenticators() Allows WebAuthn Signatures Despite WEBAUTHN\_SIGNATURE Being Disabled
* \#43287 \[BC-Low] Certain fees are unaccounted for causing failed transactions
* \#43288 \[BC-Critical] Attackers could force Nodes to process TraAttackers could force Nodes to process Transactions in wrong order, by attacking moveRocks/sequencing implementation
* \#43290 \[BC-Critical] Anyone can send a write\_batch to the DA node, enabling a DOS attack that shuts down the network
* \#43307 \[BC-High] Not verifying the signatures upon execution leads to direct loss of funds
* \#41811 \[BC-Insight] Configuration data loss in configfile's \`try\_set\_with\_guard\` due to missing file cursor reset
* \#42011 \[BC-High] Duplicate tx IDs in blockchain blocks are possible
* \#42837 \[BC-Critical] Total network shutdown
* \#43315 \[BC-Critical] DA Light Node Can Be DoSed Due to Lack of Batch Validation
* \#43323 \[BC-High] Inadequate Sequence Number Validation in DA Light Node Enables Transaction Censorship
* \#42298 \[BC-Critical] Blocks from Celestia are not executed in order which breaks sequencer logic and application priorities
* \#43324 \[BC-High] Insufficient Validation in DA Light Node Allows Malicious Override of \`application\_priority\`
* \#41373 \[BC-High] Premature transaction acceptance to mempool/DA without signature validation
* \#42395 \[BC-High] Movement does not allow overwriting transactions with a higher priority, breaking Aptos mempool logic
* \#42903 \[BC-High] Attackers are able to submit multiple dupplicate transactions due to mismatched Mempool Implementation
* \#41516 \[BC-High] The attacker exceeds the number of transactions TOO\_NEW\_TOLERANCE and performs a DoS attack.
* \#41518 \[BC-High] The transaction to modify the gas price was not processed.
* \#41731 \[BC-Insight] Race Condition in try\_to\_sign can lead to unverifiable blocks and/or blobs
* \#42480 \[BC-Medium] Unable to deposit the gas fee into the \`governed\_gas\_pool\` when using \`deposit\_from\_fungible\_store\`
* \#42941 \[BC-Critical] \[Critical] Network-Wide Denial of Service Through Unrecoverable Block Execution Failures
* \#42535 \[BC-High] Garbage collecting in flight transactions can lead to spiraling network delays
* \#41618 \[BC-Insight] Timestamp unit doesn't match in GcCounter which causes premature transaction eviction
* \#41324 \[BC-Insight] Celestia auth tokens can be stolen by sniffing websocket requests
* \#41531 \[BC-Critical] Attackers can drain the sequencer’s wallet and DoS network by submitting transactions from unfunded accounts
* \#43346 \[BC-Insight] Transactions arriving at the node out of sequence order will be rejected due to the has\_invalid\_sequence\_number function
* \#43250 \[BC-Critical] Excessive TCP timeout allows attacker to crash the sequencer via the indexer service
* \#43251 \[BC-Critical] Lack of TCP timeout allows attacker to crash the sequencer via the finality viewer service
* \#42925 \[BC-Insight] Transactions won't be included on Celestia when the gas price is high, and the transactions on Movement will be forgotten
* \#43190 \[BC-Critical] Deadlock in \`submit\_transaction()\`
* \#43330 \[BC-Critical] Freezing new transaction processing by sending invalid requests to movement DA light node
* \#42430 \[BC-Insight] \`add\_mempool\_transaction()\` does not check if the transaction already exist in the mempool
* \#41368 \[BC-High] JSON-RPC no batch query limitation allows really large responses | RPC server takedown
* \#41334 \[BC-Critical] Attacker can publish a blob that cannot be deserialized and shut down the movement chain
* \#41466 \[BC-Medium] Incorrect sequence number tracking in mempool commit
* \#43177 \[BC-Critical] DoS Vulnerability in DA Light Node via Unbounded Height Parameter
* \#41489 \[BC-Critical] Blob sizes remain unchecked leading to chain halt
* \#42991 \[BC-High] User can reuse sequence number causing DOS & breaking core invariant
* \#41715 \[BC-High] Manipulating the Sequence Number of signed transactions to reorder them or prevent their execution
* \#41714 \[BC-High] Tampering the ID of signed transactions to prevent others from executing
* \#43114 \[BC-Critical] Attackers can cause total shutdown network by exploiting missing of blob size check in DA Lightnode
* \#42762 \[BC-High] New accounts break the pipe mempool invariant that prevents duplicate transactions from filling the mempool
* \#43017 \[BC-High] Prevalidation does not validate application priority, sequence number and ID
* \#42112 \[BC-Critical] Using \`blob.GetAll\` instead of \`blob.Get\` for Celestia DA opens full nodes to fraudulent block attacks
* \#42930 \[BC-High] Users are unable to increase their gas resulting in stuck funds
* \#42936 \[BC-Critical] Potential Deadlock or Panic Due to Concurrent Lock Acquisition in \`TransactionPipe\`
* \#42896 \[BC-High] Attackers can exploit sequence\_number tolerance mechanism to to cause Movement Network DA Lightnode loose money for submitting failed blocks to Celestia
* \#42928 \[BC-Medium] Depositing gas fees into the governed gas pool does not work when the CoinStore is frozen
* \#42557 \[BC-Low] Remote signing methods can fail which will turn off the light node block proposer
* \#43150 \[BC-High] Excessive transaction processing caused by a faulty garbage collector in transaction\_pipe.rs
* \#43137 \[BC-Medium] Multiple Transactions from the same account with increasing sequence number and priorities will be sorted incorrectly in the block causing some to fail
* \#43333 \[BC-Critical] Missing Depths Checks in Cached TypeLayout leads to Network Divergence
* \#43136 \[BC-High] Multiple transactions sent by the same account in the same block timeframe can get stuck in the TranactionPipe core\_mempool
* \#43135 \[BC-High] \`epilogue\_gas\_payer\` Silently Drops Excess Storage Fee Refunds Under Governed Gas Pool
* \#43255 \[BC-Medium] User Transactions might be lost due to missing Error Handling in Celestia RPC Client Requests \`blob\_submit\` failure
* \#43132 \[BC-Medium] upgrade\_burn\_percentage Resets Block Proposer, Blocking Fee Distribution
* \#43222 \[BC-High] A transaction with sequence number 0 can be submitted multiple times
* \#42648 \[BC-High] Altering the application\_priority to fill a block, temporary freezing user transactions
* \#41255 \[BC-Medium] Blocking sleep in async context leads to thread pool exhaustion and DoS
* \#41722 \[BC-High] The passthrough DA light node does not prevalidate transactions which leads to non-deserializable transactions that prevent execution
* \#41669 \[BC-Medium] Incorrect Gas Cost Used for BLS12381 Subgroup Check Causes \~70% Undercharge
* \#43303 \[BC-Medium] The call to \`commit\_transaction()\` includes the wrong sequence number
* \#42934 \[BC-High] Improper input validation in KeylessSignature causes full-node panic
* \#43229 \[BC-High] There is a bug can allows malicious data to enter the DA layer and be signed by a legitimate node
* \#42513 \[BC-High] Users might loose Storage Gas Fee Refund Due to Governed Gas Pool Feature of Movement logic bug
* \#42495 \[BC-High] The Tonic Request/Response Size Limit prevents data from being submitted to the da\_light\_node
* \#41012 \[BC-Critical] Unintended Chain Split in Movement Full Node
* \#41560 \[BC-Insight] BlobType of BlobResponse can never be SequencedBlobBlock
* \#42895 \[BC-Insight] Misuse of error
* \#42102 \[BC-High] uncontrolled resource consumption is resulting in OOM via RPC (public one)
* \#43168 \[BC-Insight] Under normal usage of the blockchain, transactions will not be persisted
* \#41985 \[BC-Insight] Using the test keyring backend is insecure
* \#41899 \[BC-Insight] NatSpec of several functions in \`ethereum.move\` is wrong
* \#42859 \[BC-Insight] Pub key format mismatch in \`InKnownSignersVerifier\`
* \#43184 \[BC-Insight] Vulnerable \`Secp256k1\` version allows validation of malformed signatures
* \#41945 \[BC-Insight] Optimization in \`to\_eip55\_checksumed\_address()\` in \`aptos\_framework::ethereum::()\` module
* \#43186 \[BC-Insight] Flawed documentation when streaming da blobs leads to confusion
* \#42939 \[BC-Insight] Transaction expiration is not validated correctly in mempool and sequencer
* \#41337 \[BC-Insight] Channel buffer size in block proposer is too low leading to network delays and resource exhaustion
* \#43038 \[BC-Insight] There is a permanent operator lockout came from an unsafe key rotation
* \#41437 \[BC-High] An edge-case allows duplicate transactions to be added to the mempool of the sequencer
* \#41980 \[BC-Insight] Full nodes panic in read-only mode whenever a transaction is sent
* \#42222 \[BC-Insight] Garbage Collector can fail to run in a timely manner if building\_time\_ms is set to a low value
* \#42937 \[BC-Insight] Public Exposure of Validator Signer Private Key in Executor Struct
* \#43267 \[BC-Insight] Potential Indefinite Hang (Denial of Service) in Full Node DA Sync Due to Missing Stream Timeout For Light Node Connection
* \#43221 \[BC-Insight] Expired transactions prevent new submissions due to delayed garbage collection
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://reports.immunefi.com/movement-labs-attackathon.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.