CVE-2022-46173

Name of the Vulnerable Software and Affected Versions Elrond-GO versions prior to 1.3.50

Description The issue is a processing problem where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. This occurs due to a bad correlation between the transaction caches and the processing component. If a transaction is sent with more gas than required, the smart contract result (SCR transaction) that should return the leftover gas is wrongly added to a cache that the processing unit does not consider, causing the node to stop notarizing metachain blocks. The fix involves extending the SCR transaction search in all other caches if it isn't found in the correct sharded-cache.

Recommendations For versions prior to 1.3.50, update to version 1.3.50 or later to resolve the issue. As a temporary workaround, consider extending the SCR transaction search in all other caches if it wasn't found in the correct sharded-cache, until a patch is available.