Cronos · Cronos · CVE-2021-43839
Name of the Vulnerable Software and Affected Versions:
Cronos versions prior to v0.6.5
Description:
The issue allows an attacker to take the current block's transaction fees from the Cosmos SDK's FeeCollector by sending a custom-crafted `MsgEthereumTx`. User funds and balances are safe.
Recommendations:
For Cronos versions prior to v0.6.5, upgrade to Cronos v0.6.5 at the earliest possible convenience.