Vulnerable MerkleProof library version
During the security audit, it has been identified that the SessionKeyManager is utilizing an outdated version of the MerkleProof library from OpenZeppelin. The specific version in use, ranging from V4.7 to V4.9, is vulnerable to the CVE-2023-34459↗ exploit, which may allow malicious actors to prove arbitrary leaves for specific trees when utilizing multiproofs. Although the SessionKeyManager is not directly utilizing the vulnerable functions of the MerkleProof, it is strongly recommended to upgrade to the latest version of the library as a best practice for maintaining the security and integrity of the project. By using the latest version of the library, the project ensures its protection against potential future exploits and vulnerabilities that may arise due to using outdated code.