PT-2021-23133 · Evm · Evm

Rakita · Published 2021-10-18 · Updated 2021-10-22 · CVE-2021-41153

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: evm crate versions < 0.31.0
Description: The evm crate, a pure Rust implementation of the Ethereum Virtual Machine, handles the JUMPI opcode in the wrong order in versions before 0.31.0: it validates the jump destination before it reads the condition. The reference implementations, Geth and OpenEthereum, read the condition first and validate the destination only when the jump is actually taken. The two orderings disagree whenever JUMPI executes with a false condition and a destination that is not a valid JUMPDEST: the reference implementations fall through to the next instruction, while the evm crate aborts execution with an invalid-jump error. This is a consensus issue, not a memory-safety one. If the crate is used to execute Ethereum mainnet, the advisory rates it high severity, because execution results on such a node would diverge from the rest of the network. If it is used in Frontier or a standalone blockchain, the advisory rates it low severity: every node runs the same (incorrect) code, so there is no exploit, but the fix changes execution semantics and has to be rolled out in a coordinated way.
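To make the divergence concrete, the following is an added example written for this page; it is not code from the evm crate, Geth or OpenEthereum. It is a toy interpreter for an assumed opcode subset (PUSH1, JUMPI, JUMPDEST, STOP, INVALID) that can run JUMPI in either order, so the same constructed bytecode can be executed under the pre-0.31.0 ordering and under the reference ordering and the results compared.

```rust
// Added illustration of CVE-2021-41153; not code from the evm crate, Geth or
// OpenEthereum. Toy EVM subset: PUSH1, JUMPI, JUMPDEST, STOP, INVALID.

/// Order in which JUMPI checks its two operands.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum JumpiOrder {
    /// evm crate < 0.31.0: validate the destination before reading the condition.
    DestinationFirst,
    /// Geth / OpenEthereum / evm >= 0.31.0: read the condition first and validate
    /// the destination only when the jump is taken.
    ConditionFirst,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Exit {
    Stopped,
    InvalidJump,
    InvalidOpcode,
    StackUnderflow,
}

pub const STOP: u8 = 0x00;
pub const JUMPI: u8 = 0x57;
pub const JUMPDEST: u8 = 0x5b;
pub const PUSH1: u8 = 0x60;
pub const INVALID: u8 = 0xfe;

/// Valid jump targets: JUMPDEST bytes that are not the immediate of a PUSH1.
pub fn jumpdests(code: &[u8]) -> Vec<usize> {
    let mut valid = Vec::new();
    let mut pc = 0;
    while pc < code.len() {
        match code[pc] {
            JUMPDEST => {
                valid.push(pc);
                pc += 1;
            }
            PUSH1 => pc += 2, // skip the immediate; 0x5b inside push data is not a JUMPDEST
            _ => pc += 1,
        }
    }
    valid
}

/// Execute `code` from pc 0 with an empty stack and report why execution ended.
pub fn run(code: &[u8], order: JumpiOrder) -> Exit {
    let valid = jumpdests(code);
    let mut stack: Vec<u64> = Vec::new();
    let mut pc = 0usize;
    loop {
        let op = match code.get(pc) {
            Some(&op) => op,
            None => return Exit::Stopped, // running off the end of code is an implicit STOP
        };
        match op {
            STOP => return Exit::Stopped,
            JUMPDEST => pc += 1,
            PUSH1 => {
                // A missing immediate past the end of code reads as zero, as in the EVM.
                stack.push(code.get(pc + 1).copied().unwrap_or(0) as u64);
                pc += 2;
            }
            JUMPI => {
                // Stack layout: destination on top, condition below it.
                let (dest, cond) = match (stack.pop(), stack.pop()) {
                    (Some(d), Some(c)) => (d, c),
                    _ => return Exit::StackUnderflow,
                };
                let dest_ok = dest <= usize::MAX as u64 && valid.contains(&(dest as usize));
                match order {
                    JumpiOrder::DestinationFirst => {
                        // Vulnerable ordering: a bad destination aborts even when no jump is taken.
                        if !dest_ok {
                            return Exit::InvalidJump;
                        }
                        pc = if cond != 0 { dest as usize } else { pc + 1 };
                    }
                    JumpiOrder::ConditionFirst => {
                        // Reference ordering: the destination only matters if the jump is taken.
                        if cond != 0 {
                            if !dest_ok {
                                return Exit::InvalidJump;
                            }
                            pc = dest as usize;
                        } else {
                            pc += 1;
                        }
                    }
                }
            }
            _ => return Exit::InvalidOpcode, // INVALID and every opcode this toy does not implement
        }
    }
}

fn main() {
    // Constructed bytecode: PUSH1 0 (condition), PUSH1 0xff (invalid destination), JUMPI, STOP.
    let false_cond_bad_dest = [PUSH1, 0x00, PUSH1, 0xff, JUMPI, STOP];
    println!("reference   : {:?}", run(&false_cond_bad_dest, JumpiOrder::ConditionFirst));
    println!("evm < 0.31.0: {:?}", run(&false_cond_bad_dest, JumpiOrder::DestinationFirst));
}
```

Under the reference ordering the constructed bytecode stops normally; under the pre-0.31.0 ordering the same bytecode ends with an invalid-jump error. When the condition is true, both orderings agree (a valid destination is taken, an invalid one aborts), which is why the bug only shows up on the not-taken path and why two nodes running different orderings compute different results for the same transaction.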
Recommendations: For evm crate versions < 0.31.0 used to execute Ethereum mainnet, update the dependency immediately to 0.31.0 or later. For versions < 0.31.0 used in Frontier or another pallet-evm based Substrate blockchain, bump the runtime spec version before upgrading to 0.31.0 or later, because the fix changes how existing bytecode executes and all nodes must switch at the same point. For versions < 0.31.0 used in other blockchains, ship the upgrade to 0.31.0 or later through a hard-fork process for the same reason. If a project depends on an older evm API and cannot update because of interface changes, contact the maintainer about patch releases for older evm versions.

Weakness Enumeration

Related Identifiers

CVE-2021-41153
GHSA-PVH2-PJ76-4M96

Affected Products

Evm