PT-2024-27338 · Evmos · Evmos
Sandoche · Published 2024-06-06 · Updated 2024-10-15 · CVE-2024-37154
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Evmos versions 18.1.0 and earlier
Description
The issue affects users who have funds managed via ClawbackVestingAccount, allowing them to delegate tokens that have not yet been vested. This impacts employees and grantees.
Recommendations
For versions 18.1.0 and earlier, update to a newer version that includes the fix, as the current version allows premature token delegation.
As a temporary workaround, consider limiting disclosure of this vulnerability to minimize the number of users who know about it and could exploit it.
There is no effective workaround to fix or remediate this issue without a new release.
Exploit
Fix
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Evmos