Ava Labs AvalancheGo

Findings · 5

1. 1 Unbounded recursion in codec allows stack overflow via deeply nested structs Informational
2. 2 Lack of lower bound on range proof request bytes limit enables denial of service Informational
3. 3 LevelDB prone to panic from poor construction Informational
4. 4 TOCTOU in the perms package Create method Informational
5. 5 API server does not limit large request body sizes Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.