CVE-2021-25837

Name of the Vulnerable Software and Affected Versions Cosmos Network Ethermint versions <= 0.4.0

Description The issue is related to cache lifecycle inconsistency in the EVM module. This inconsistency occurs between the Storage caching cycle and the Tx processing cycle, causing Storage changes from failed transactions to be improperly reserved in memory. Although the bad storage cache data is discarded at EndBlock, it remains valid in the current block. This enables possible attacks, such as an "arbitrary mint token".

Recommendations For Cosmos Network Ethermint versions <= 0.4.0, update to a version greater than 0.4.0 to resolve the cache lifecycle inconsistency issue. As a temporary workaround, consider restricting the use of the EVM module until a patch is available.