
Iczc

#28076 of 53,625
9.1 Total CVSS
Vulnerabilities · 1
PT-2024-24737
9.1
2024-04-10
Evmos · Evmos · CVE-2024-32644
**Name of the Vulnerable Software and Affected Versions**

Evmos versions prior to 17.0.0

**Description**

The issue arises from the possibility of two different states being out of sync during the execution of a transaction, which allows arbitrary tokens to be minted. This is due to the reliance on the `stateDB.Commit()` method to sync the Cosmos SDK state and the EVM state. When this method is called, it iterates through all of the `dirtyStorage` entries and updates the state only where a value differs from the `originStorage`. If a contract's storage state is the same before and after a transaction but is changed during the transaction, and the contract can call an external contract after that change, the transaction can be made to behave as if it were non-atomic. This could lead to a drain of funds through creative smart contract interactions.

**Recommendations**

For versions prior to 17.0.0, update to version 17.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of smart contracts that can call external contracts after a state change to minimize the risk of exploitation. Avoid using contracts whose storage state is the same before and after a transaction but is changed during the transaction.