PT-2021-7369 · Unknown · Go-Ethereum

Guidovranken · Published 2021-08-24 · Updated 2024-12-13 · CVE-2021-39137

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

go-ethereum versions prior to v1.10.8

Description

A consensus vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. This issue is related to a memory-corruption bug within the EVM, which can cause a consensus error when processing a maliciously crafted transaction, leading to the chain being split in two forks. The vulnerability was exploited on Mainnet, resulting in a minority chain split. Approximately 50% of nodes were taken down due to this bug.

Recommendations

For versions prior to v1.10.8, update to the v1.10.8 release, which includes a patch for the issue. No workarounds exist, save to update and/or apply the patch commit. As a temporary workaround, consider restricting the use of the vulnerable EVM until a patch is available.

Related Identifiers

BDU:2022-05814
CVE-2021-39137
GHSA-9856-9GG9-QCMQ
GO-2022-0254

Affected Products

Go-Ethereum