CVE-2021-25836

2021-02-0817:54:16

mitre

www.cve.org

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.

References

github.com/cosmos/ethermint/issues/667#issuecomment-759284303