From 218a772dc1f031aa64e0c575a92c8e04439674d5 Mon Sep 17 00:00:00 2001
From: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Date: Wed, 15 Oct 2025 15:11:39 +0200
Subject: [PATCH] fix: RUSTSEC-2025-0073 (`alloy-dyn-abi`), update to description and credit (#2423)

---
 crates/alloy-dyn-abi/RUSTSEC-2025-0073.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crates/alloy-dyn-abi/RUSTSEC-2025-0073.md b/crates/alloy-dyn-abi/RUSTSEC-2025-0073.md
index 16950707..1cc88dcc 100644
--- a/crates/alloy-dyn-abi/RUSTSEC-2025-0073.md
+++ b/crates/alloy-dyn-abi/RUSTSEC-2025-0073.md
@@ -18,10 +18,12 @@ patched = [">=0.8.26, <1.0.0", ">=1.4.1"]
 
 # DoS vulnerability on `alloy_dyn_abi::TypedData` hashing
 
-An uncaught panic triggered by malformed input to `alloy_dyn_abi::TypedData` could lead to a denial-of-service (DoS) when the library is used in auto-restarting software.
+An uncaught panic triggered by malformed input to `alloy_dyn_abi::TypedData` could lead to a denial-of-service (DoS) via `eip712_signing_hash()`.
+
+Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible.
 
 The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version [v1.4.1](https://crates.io/crates/alloy-dyn-abi/1.4.1) and backported to [v0.8.26](https://crates.io/crates/alloy-dyn-abi/0.8.26).
 
 There is no known workaround that mitigates the vulnerability. Upgrading to a patched version is the recommended course of action.
 
-Reported by [Christian Reitter](https://github.com/cr-tk) & [Zeke Mostov](https://github.com/emostov).
+Reported by [Christian Reitter](https://github.com/cr-tk) & [Zeke Mostov](https://github.com/emostov) from [Turnkey](https://www.turnkey.com/).