Summerproo

**Name of the Vulnerable Software and Affected Versions** Cosmos Network Ethermint versions <= 0.4.0 **Description** The issue concerns a cache lifecycle inconsistency in the EVM module. Specifically, when a transaction fails, the bytecode associated with it remains in memory, stored in `stateObject.code`, and is subsequently written to the persistent store during the Endblock stage. This behavior can potentially be exploited to create honeypot contracts. **Recommendations** For Cosmos Network Ethermint versions <= 0.4.0, consider updating to a version that addresses the cache lifecycle inconsistency in the EVM module to prevent potential exploitation. As a temporary workaround, restrict the use of the EVM module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cosmos Network Ethermint versions <= 0.4.0 **Description** The issue is related to cache lifecycle inconsistency in the EVM module. This inconsistency occurs between the Storage caching cycle and the Tx processing cycle, causing Storage changes from failed transactions to be improperly reserved in memory. Although the bad storage cache data is discarded at EndBlock, it remains valid in the current block. This enables possible attacks, such as an "arbitrary mint token". **Recommendations** For Cosmos Network Ethermint versions <= 0.4.0, update to a version greater than 0.4.0 to resolve the cache lifecycle inconsistency issue. As a temporary workaround, consider restricting the use of the EVM module until a patch is available.