A data race exists in op-node's EngineController.PeekUnsafePayload() where the non-thread-safe PayloadsQueue is accessed without mutex protection.
| Field | Value |
|---|---|
| Component | op-node |
| File | op-node/rollup/engine/engine_controller.go |
ep0chzer0
/ Dockerfile
Last active
January 17, 2026 00:33
PoC: Emergency Withdrawal Accounting Gap - Kinetiq Protocol (CWE-691)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Vulnerability PoC: Emergency Withdrawal Accounting Gap | |
| # Uses official Foundry image for reproducible testing | |
| FROM ghcr.io/foundry-rs/foundry:latest | |
| WORKDIR /poc | |
| # Copy PoC files (run-poc.sh should be executable before copying) | |
| COPY --chmod=755 . /poc/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # ECDSA 2PC Timing Side-Channel Attack - Reproduction Script | |
| # Target: cb-mpc (Coinbase) | |
| # | |
| set -e | |
| echo "============================================================" | |
| echo "ECDSA 2PC Timing Side-Channel → Key Recovery PoC" | |
| echo "============================================================" |