CVE-2021-25835

Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...

Malicious sub-account operators can perform cross-chain signature replay attack

Lines of code Vulnerability details Impact Malicious sub-account operators can perform policy or transactions not allowed to the specific chain but allowed in other chain. This is possible due to cross-chain signature replay attack. Proof of Concept To describe the attack, for example, let us hav...

Cross-Chain Signature Replay Attack

Lines of code Vulnerability details Impact 1. User operations can be replayed on smart accounts accross different chains. This can lead to user's loosing funds or any unexpected behaviour that transaction replay attacks usually lead to. 2. Mistakes made on one chain can be re-applied to a new...

Cross-chain replay attacks are possible

Lines of code Vulnerability details Impact In MarketERC20.sol we have permit function: function permit / bool asset, // 1 = asset, 0 = collateral address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, ...