PT-2021-16811 · Unknown · Cosmos Network Ethermint

Summerproo

Published

2021-02-08

Updated

2021-02-12

CVE-2021-25836

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cosmos Network Ethermint versions <= 0.4.0

Description The issue concerns a cache lifecycle inconsistency in the EVM module. Specifically, when a transaction fails, the bytecode associated with it remains in memory, stored in stateObject.code, and is subsequently written to the persistent store during the Endblock stage. This behavior can potentially be exploited to create honeypot contracts.

Recommendations For Cosmos Network Ethermint versions <= 0.4.0, consider updating to a version that addresses the cache lifecycle inconsistency in the EVM module to prevent potential exploitation. As a temporary workaround, restrict the use of the EVM module until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-25836

Affected Products

Cosmos Network Ethermint

PT-2021-16811 · Unknown · Cosmos Network Ethermint

CVE-2021-25836

Related Identifiers

Affected Products

References · 4