BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network.
lib/bsv/network/arc.rb (lines ~74-100 in the affected code) uses a narrow failure predicate compared to the TypeScript reference SDK. The TS broadcaster additionally recognises:
INVALIDMALFORMEDMINED_IN_STALE_BLOCKORPHAN in extraInfo or txStatusThe Ruby implementation omits all of these, so ARC responses carrying any of these statuses are returned to the caller as successful broadcasts.
Additional divergences in the same module compound the risk:
Content-Type is sent as application/octet-stream; the TS reference sends application/json with a { rawTx: <hex> } body (EF form where source transactions are available).XDeployment-ID, X-CallbackUrl, and X-CallbackToken are not sent.The immediate security-relevant defect is the missing failure statuses; the other divergences are fixed in the same patch for protocol compliance.
Integrity: callers receive a success response for broadcasts that were actually rejected by the ARC endpoint. Applications and downstream gems that gate actions on broadcaster success — releasing goods, marking invoices paid, treating a token as minted, progressing a workflow — are tricked into trusting transactions that were never broadcast.
This is an integrity bug with security consequences. It does not disclose information (confidentiality unaffected) and does not affect availability.
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N →...
0.8.2Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:HA:N7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N