CRITICAL 9.1

GHSA-49xc-52mp-cc9j

nimiq-blockchain is missing a wall-clock upper bound on block timestamps

Details

### Impact

Block timestamp validation enforces that `timestamp >= parent.timestamp` for non-skip blocks and `timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT` for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via `Policy::supply_at()` and `batch_delay()` in `blockchain/src/reward.rs`, inflating the monetary supply beyond the intended emission schedule.

### Patches TBD

### Workarounds No know workarounds.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / nimiq-blockchain

Introduced in: 0

No fixed version published yet for nimiq-blockchain. Pin to a known-safe version or switch to an alternative.

References

https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-49xc-52mp-cc9j [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2026-40093 [ADVISORY]
https://github.com/nimiq/core-rs-albatross [PACKAGE]