## Stellar Protocol Audit: HIGH-Severity Consensus Risk in ChangeTrust Pool Share Validation
A critical vulnerability has been confirmed in the Stellar network's transaction processing code, posing a direct risk of consensus divergence. The flaw resides in the `execute_change_trust` function within the `henyey-tx` crate, which fails to validate key parameters for liquidity pool share assets. While the function performs checks for negative limits, native assets, and self-trust, it completely bypasses validation for pool share-specific parameters like fee, asset ordering, and individual asset validity. This omission creates a pathway for invalid pool share trustlines to be accepted by one node but rejected by another, threatening the fundamental agreement that underpins the entire blockchain.

The finding, designated H-020 with a HIGH severity rating, was verified through adversarial review. The vulnerable code path is triggered when processing a `ChangeTrustAsset::PoolShare` operation; the function simply extracts the parameters without applying any validity checks. This behavior starkly contrasts with the reference implementation in Stellar Core (`stellar-core`), where `ChangeTrustOpFrame::doCheckValid` explicitly calls `isPoolShareAssetValid` to enforce these critical rules. The discrepancy between the two codebases is the core of the consensus risk.

The unaddressed gap leaves the network exposed to a scenario where malformed or invalid pool share trustline operations could propagate, depending on which software version a validator is running. For a decentralized financial protocol handling billions in assets, such a consensus fault could disrupt settlement finality, destabilize automated market makers, and erode trust in the network's reliability. The severity is elevated because the flaw exists in a core transaction operation, a fundamental building block for all DeFi activity on Stellar.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: blockchain, security_audit, consensus_vulnerability, DeFi, smart_contract
- **Credibility**: unverified
- **Published**: 2026-04-08 11:27:24
- **ID**: 54900
- **URL**: https://whisperx.ai/en/intel/54900