CVE-2026-32322: CWE-697: Incorrect Comparison in stellar rs-soroban-sdk
CVE-2026-32322 is a medium severity vulnerability in the stellar rs-soroban-sdk Rust library used for Soroban smart contracts. The flaw arises from incorrect equality comparisons of Fr (scalar field) types for BN254 and BLS12-381 curves, where values are compared by their raw U256 representation without modular reduction. This causes mathematically equal field elements to be treated as unequal if unreduced, potentially leading to incorrect authorization or validation bypasses in contracts relying on these equality checks. Exploitation requires an attacker to supply crafted Fr values as contract inputs and depends on the contract’s logic using direct Fr equality comparisons. The vulnerability affects versions prior to 22. 0. 11, 23. 5. 3, and 25. 3.
AI Analysis
Technical Summary
The vulnerability CVE-2026-32322 affects the stellar rs-soroban-sdk, a Rust software development kit for building Soroban smart contracts. The core issue lies in the implementation of equality comparisons for Fr (scalar field) types used in elliptic curve cryptography, specifically BN254 and BLS12-381 curves. These Fr types represent elements of a finite field modulo a prime r. However, prior to versions 22.0.11, 23.5.3, and 25.3.0, the SDK compared these field elements by their raw 256-bit unsigned integer (U256) values without first reducing them modulo r. Since field elements can be represented by multiple integers congruent modulo r, this leads to mathematically equal elements being considered unequal if one or both are unreduced (i.e., greater than or equal to r). This incorrect comparison violates the mathematical properties expected in cryptographic operations. The vulnerability can be exploited when a malicious actor supplies crafted Fr values as inputs to smart contracts that perform direct equality checks on these values without invoking host-side arithmetic operations that would reduce the values properly. Such contracts may rely on these equality checks for critical security decisions, such as authorization or validation of transactions. As a result, the vulnerability can cause incorrect authorization decisions or allow bypassing validation logic, undermining contract security. The impact depends heavily on the contract’s design and how it uses Fr equality. The vulnerability does not require authentication or user interaction and can be exploited remotely by submitting crafted inputs. The CVSS 3.1 score is 5.3 (medium severity), reflecting limited impact on confidentiality and availability but a potential integrity impact. No known exploits have been reported in the wild. The issue is resolved in versions 22.0.11, 23.5.3, and 25.3.0 of the rs-soroban-sdk.
Potential Impact
The vulnerability can lead to incorrect behavior in smart contracts that rely on Fr equality checks for security-critical logic. This may result in unauthorized access, bypass of validation steps, or incorrect authorization decisions within decentralized applications built on the Soroban platform. Since Soroban is a smart contract platform associated with the Stellar blockchain ecosystem, affected contracts could include financial applications, identity verification, or asset management systems. The impact is primarily on the integrity of contract logic, potentially allowing attackers to manipulate contract outcomes or bypass restrictions. While confidentiality and availability are not directly affected, the trustworthiness and correctness of contract operations are compromised, which can have significant downstream effects on users and organizations relying on these contracts. The scope is limited to contracts using vulnerable versions of the rs-soroban-sdk and employing direct Fr equality comparisons without proper modular reduction. The lack of known exploits suggests limited active exploitation but does not preclude future attacks, especially as the vulnerability becomes publicly known.
Mitigation Recommendations
Organizations and developers using the stellar rs-soroban-sdk should immediately upgrade to patched versions 22.0.11, 23.5.3, or 25.3.0 or later. Review all smart contracts that perform direct equality checks on Fr scalar field elements to ensure they do not rely on raw U256 comparisons without modular reduction. Where possible, refactor contract logic to use host-side arithmetic operations or verified library functions that guarantee proper modular reduction before comparison. Implement comprehensive testing and code audits focusing on cryptographic operations and equality checks in smart contracts. Monitor the Stellar and Soroban communities for updates, advisories, and best practices related to this vulnerability. Consider deploying runtime checks or static analysis tools to detect unsafe equality comparisons in contract code. For contracts already deployed and potentially vulnerable, assess the risk and consider redeploying corrected versions if feasible. Maintain robust input validation and restrict user-supplied scalar values where possible to reduce attack surface.
Affected Countries
United States, Germany, Japan, South Korea, Singapore, United Kingdom, Canada, Switzerland, Australia, Netherlands
CVE-2026-32322: CWE-697: Incorrect Comparison in stellar rs-soroban-sdk
Description
CVE-2026-32322 is a medium severity vulnerability in the stellar rs-soroban-sdk Rust library used for Soroban smart contracts. The flaw arises from incorrect equality comparisons of Fr (scalar field) types for BN254 and BLS12-381 curves, where values are compared by their raw U256 representation without modular reduction. This causes mathematically equal field elements to be treated as unequal if unreduced, potentially leading to incorrect authorization or validation bypasses in contracts relying on these equality checks. Exploitation requires an attacker to supply crafted Fr values as contract inputs and depends on the contract’s logic using direct Fr equality comparisons. The vulnerability affects versions prior to 22. 0. 11, 23. 5. 3, and 25. 3.
AI-Powered Analysis
Technical Analysis
The vulnerability CVE-2026-32322 affects the stellar rs-soroban-sdk, a Rust software development kit for building Soroban smart contracts. The core issue lies in the implementation of equality comparisons for Fr (scalar field) types used in elliptic curve cryptography, specifically BN254 and BLS12-381 curves. These Fr types represent elements of a finite field modulo a prime r. However, prior to versions 22.0.11, 23.5.3, and 25.3.0, the SDK compared these field elements by their raw 256-bit unsigned integer (U256) values without first reducing them modulo r. Since field elements can be represented by multiple integers congruent modulo r, this leads to mathematically equal elements being considered unequal if one or both are unreduced (i.e., greater than or equal to r). This incorrect comparison violates the mathematical properties expected in cryptographic operations. The vulnerability can be exploited when a malicious actor supplies crafted Fr values as inputs to smart contracts that perform direct equality checks on these values without invoking host-side arithmetic operations that would reduce the values properly. Such contracts may rely on these equality checks for critical security decisions, such as authorization or validation of transactions. As a result, the vulnerability can cause incorrect authorization decisions or allow bypassing validation logic, undermining contract security. The impact depends heavily on the contract’s design and how it uses Fr equality. The vulnerability does not require authentication or user interaction and can be exploited remotely by submitting crafted inputs. The CVSS 3.1 score is 5.3 (medium severity), reflecting limited impact on confidentiality and availability but a potential integrity impact. No known exploits have been reported in the wild. The issue is resolved in versions 22.0.11, 23.5.3, and 25.3.0 of the rs-soroban-sdk.
Potential Impact
The vulnerability can lead to incorrect behavior in smart contracts that rely on Fr equality checks for security-critical logic. This may result in unauthorized access, bypass of validation steps, or incorrect authorization decisions within decentralized applications built on the Soroban platform. Since Soroban is a smart contract platform associated with the Stellar blockchain ecosystem, affected contracts could include financial applications, identity verification, or asset management systems. The impact is primarily on the integrity of contract logic, potentially allowing attackers to manipulate contract outcomes or bypass restrictions. While confidentiality and availability are not directly affected, the trustworthiness and correctness of contract operations are compromised, which can have significant downstream effects on users and organizations relying on these contracts. The scope is limited to contracts using vulnerable versions of the rs-soroban-sdk and employing direct Fr equality comparisons without proper modular reduction. The lack of known exploits suggests limited active exploitation but does not preclude future attacks, especially as the vulnerability becomes publicly known.
Mitigation Recommendations
Organizations and developers using the stellar rs-soroban-sdk should immediately upgrade to patched versions 22.0.11, 23.5.3, or 25.3.0 or later. Review all smart contracts that perform direct equality checks on Fr scalar field elements to ensure they do not rely on raw U256 comparisons without modular reduction. Where possible, refactor contract logic to use host-side arithmetic operations or verified library functions that guarantee proper modular reduction before comparison. Implement comprehensive testing and code audits focusing on cryptographic operations and equality checks in smart contracts. Monitor the Stellar and Soroban communities for updates, advisories, and best practices related to this vulnerability. Consider deploying runtime checks or static analysis tools to detect unsafe equality comparisons in contract code. For contracts already deployed and potentially vulnerable, assess the risk and consider redeploying corrected versions if feasible. Maintain robust input validation and restrict user-supplied scalar values where possible to reduce attack surface.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-11T21:16:21.661Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b3375b2f860ef943024593
Added to database: 3/12/2026, 9:59:55 PM
Last enriched: 3/12/2026, 10:14:45 PM
Last updated: 3/13/2026, 12:05:03 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.