PT-2022-24009 · Unknown · Go-Ethereum

Cryptoisthekey · Published 2022-08-05 · Updated 2024-01-28 · CVE-2022-37450

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Go Ethereum (aka geth) versions 1.10.21 and earlier

Description

The issue allows attackers to increase rewards by mining blocks in certain situations and manipulating time-difference values to replace main-chain blocks, a technique also known as Riskless Uncle Making (RUM). This issue has been exploited in the wild.

Recommendations

For Go Ethereum (aka geth) versions 1.10.21 and earlier, update to a version later than 1.10.21 to resolve the issue. As a temporary workaround, consider restricting the ability to manipulate time-difference values to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2022-37450
GHSA-RQMG-HRG4-FM69

Affected Products

Go-Ethereum