# Shardeum Core II

## Reports by Severity

<details>

<summary>Critical</summary>

* \#35526 \[BC-Critical] An attacker can change the account balance after the transaction has been processed.
* \#35839 \[BC-Critical] Slash avoidance: Ineffective controls on unstaking allow unstaking before taking an action that should be slashed
* \#35707 \[BC-Critical] Reusing old transaction receipt to rollback account balance
* \#35531 \[BC-Critical] Absence of signature deduplication for receipt in the binary\_repair\_oos\_accounts P2P handler
* \#35695 \[BC-Critical] validateTxnFields check for internal transactions can be bypassed
* \#35601 \[BC-Critical] Consensus algorithm doesn't deduplicate votes, allowing a malicious validator to completely falsify transactions
* \#35694 \[BC-Critical] Consensus can be bypassed by single validator node from transaction execution group
* \#35696 \[BC-Critical] Specifically crafted penalty TX may cause total network shutdown.

</details>

<details>

<summary>Insight</summary>

* \#35710 \[BC-Insight] addressToPartition input is unsanitized, allowing to take whole network down
* \#35697 \[BC-Insight] \[Informational] Code logic contains potential risk of full network shutdown
* \#35641 \[BC-Insight] node p2p remote denial of service
* \#35415 \[BC-Insight] \[Informational] debugMiddleware query parameters can be partially modified by request submitter or via MITM
* \#35965 \[BC-Insight] Unverified Data in Safety Sync
* \#36024 \[BC-Insight] Use of Vulnerable function results in prediction of archivers
* \#36029 \[BC-Insight] Node.js crash on counterMap overflow

</details>

## Reports by Type

<details>

<summary>Blockchain/DLT</summary>

* \#35710 \[BC-Insight] addressToPartition input is unsanitized, allowing to take whole network down
* \#35697 \[BC-Insight] \[Informational] Code logic contains potential risk of full network shutdown
* \#35641 \[BC-Insight] node p2p remote denial of service
* \#35526 \[BC-Critical] An attacker can change the account balance after the transaction has been processed.
* \#35415 \[BC-Insight] \[Informational] debugMiddleware query parameters can be partially modified by request submitter or via MITM
* \#35839 \[BC-Critical] Slash avoidance: Ineffective controls on unstaking allow unstaking before taking an action that should be slashed
* \#35707 \[BC-Critical] Reusing old transaction receipt to rollback account balance
* \#35965 \[BC-Insight] Unverified Data in Safety Sync
* \#36024 \[BC-Insight] Use of Vulnerable function results in prediction of archivers
* \#35531 \[BC-Critical] Absence of signature deduplication for receipt in the binary\_repair\_oos\_accounts P2P handler
* \#35695 \[BC-Critical] validateTxnFields check for internal transactions can be bypassed
* \#35601 \[BC-Critical] Consensus algorithm doesn't deduplicate votes, allowing a malicious validator to completely falsify transactions
* \#35694 \[BC-Critical] Consensus can be bypassed by single validator node from transaction execution group
* \#36029 \[BC-Insight] Node.js crash on counterMap overflow
* \#35696 \[BC-Critical] Specifically crafted penalty TX may cause total network shutdown.

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/shardeum-core-ii.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.