How severe is GHSA-wg2x-rv86-mmpx?

No CVSS score has been assigned to GHSA-wg2x-rv86-mmpx yet. Review the advisory details and affected package list to assess your exposure.

Which packages are affected by GHSA-wg2x-rv86-mmpx?

GHSA-wg2x-rv86-mmpx affects the following packages: @keep-network/tbtc-v2 (npm). Ecosystems affected: npm.

How do I fix GHSA-wg2x-rv86-mmpx?

Update @keep-network/tbtc-v2 to 1.5.2 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-wg2x-rv86-mmpx is resolved across your whole dependency graph.

How do I detect GHSA-wg2x-rv86-mmpx in my npm dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for @keep-network/tbtc-v2. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-wg2x-rv86-mmpx if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-wg2x-rv86-mmpx?

O3 pinpoints whether GHSA-wg2x-rv86-mmpx is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-wg2x-rv86-mmpx actively exploited in the wild?

No public exploit code has been indexed for GHSA-wg2x-rv86-mmpx yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

When was GHSA-wg2x-rv86-mmpx published, and has it been updated?

GHSA-wg2x-rv86-mmpx was published on January 19, 2024. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

📦 npm

GHSA-wg2x-rv86-mmpx

SPV Merkle proof malleability allows the maintainer to prove invalid transactions

Published

Jan 19, 2024

Updated

Jan 19, 2024

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

Blast Radius

1 pkg affected

Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.

@keep-network/tbtc-v2npm

2Kdownloads / week

Description

Summary

By publishing specially crafted transactions on the Bitcoin blockchain, the SPV maintainer can produce seemingly valid SPV proofs for fraudulent transactions.

The issue was originally identified by Least Authority in the tBTC Bridge V2 Security Audit Report as Issue B: Bitcoin SPV Merkle Proofs Can Be Faked. A mitigation was believed to have been in place, but this turned out to contain an error, and the issue had not been effectively mitigated.

Details

This is achieved by creating a 64-byte transaction that the fraudulent transaction treats as a node in its merkle proof:

The attacker creates the malicious transaction E and calculates an unusual but valid transaction D, so that the last 32 bytes of D are a part of the merkle proof of E:

D = foo | hash256(E')
E' = bar | hash256(E)

foo and bar are arbitrary 32-byte values selected to facilitate this attack.

The attacker can then publish D and wait for it to be mined. A valid SPV proof for D can then be transformed into a proof for E by prepending bar and foo to the merkle proof, and changing the transaction index into one matching E's implied position in the merkle tree.

Calculating a suitable value for E' has been estimated to require between 2^60 to 2^81 operations. By contrast, the current Bitcoin hashrate is approximately 2^69. Thus the cost of performing the requisite brute-force is at most similar to, or possibly up to 1,000,000 times lower than, the cost of mining 6 Bitcoin blocks at the current difficulty.

Impact

The vulnerability does not enable the SPV maintainer to do anything they would not have been able to do otherwise. However, the ability to bypass the need to mine 6 blocks at the current difficulty makes abusing the SPV maintainer position significantly cheaper.

Patches

Adding the coinbase transaction and its merkle proof into the SPV proofs prevents this issue, by increasing the brute-force required to 2^224. If the length of the coinbase proof matches the length of the transaction proof, and both proofs are valid for the same header, we can trust that the exploit has not been abused for the transaction.

Workarounds

The trusted SPV maintainer position prevents this issue

References

Weaknesses in Bitcoin’s Merkle Root Construction

Leaf-Node weakness in Bitcoin Merkle Tree Design

SPV proof verification vulnerable to potential (but expensive to exploit) Merkle tree problem #192

tBTC Bridge V2 Security Audit Report

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
📦npm	`@keep-network/tbtc-v2`	all versions	1.5.2

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for @keep-network/tbtc-v2. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update @keep-network/tbtc-v2 to 1.5.2 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-wg2x-rv86-mmpx is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-wg2x-rv86-mmpx is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-wg2x-rv86-mmpx. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

## Summary By publishing specially crafted transactions on the Bitcoin blockchain, the SPV maintainer can produce seemingly valid SPV proofs for fraudulent transactions. The issue was originally identified by Least Authority in the tBTC Bridge V2 Security Audit Report as _Issue B: Bitcoin SPV Merkle Proofs Can Be Faked_. A mitigation was believed to have been in place, but this turned out to contain an error, and the issue had not been effectively mitigated. ### Details This is achieved by creating a 64-byte transaction that the fraudulent transaction treats as a node in its merkle proof: T

O3 Security · Impact-Aware SCA

Is GHSA-wg2x-rv86-mmpx in your dependencies?

O3 detects GHSA-wg2x-rv86-mmpx across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works

GHSA-wg2x-rv86-mmpx

Blast Radius

Description

Summary

Details

Impact

Patches

Workarounds

References

Affected Packages

Detection & mitigation playbook

Detect

Fix

Workarounds

How O3 protects you

Frequently Asked Questions

Is GHSA-wg2x-rv86-mmpx in your dependencies?