A critical verification flaw in the Nimiq block implementation allows malicious actors to bypass security protocols through signature index collisions.

The vulnerability exists in SkipBlockProof::verify, where improper index casting allows multiple out-of-range indices to collide into the same in-range slot, enabling signature multiplication.

This flaw undermines the consensus mechanism of the Nimiq implementation. An attacker could potentially validate fraudulent blocks, leading to double-spending or network instability. The CVSS score of 9.6 highlights the extreme risk to the integrity of the blockchain-based system.

Immediate Action: Update to Nimiq block version 1.3.0 or later immediately.

Proactive Monitoring: Monitor consensus logs for any anomalous block verification failures or irregularities in validator signature aggregation.

Compensating Controls: No effective workarounds exist; immediate application of the vendor-provided patch is required to maintain network security.

Public Exploit Available: false

All operators running Nimiq infrastructure must update to version 1.3.0 without delay. The integrity of the consensus mechanism is at stake, and no alternative mitigations can compensate for the underlying logic vulnerability.