PT-2025-40050 — Github.Com/Mantra-Chain/Mantrachain+3

PT-2025-40050 · Go · Github.Com/Mantra-Chain/Mantrachain+3

Published

2025-09-30

Updated

2025-09-30

CVSS v4.0

8.8

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Impact

send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially.

Patches

It's patched in v4.0.2 and v5.0.0

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

GHSA-QWVM-WQQ8-8J69

Affected Products

Github.Com/Mantra-Chain/Mantrachain

Github.Com/Mantra-Chain/Mantrachain/V2

Github.Com/Mantra-Chain/Mantrachain/V3