60 matches found
Code injection
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...
CVE-2022-35936 Ethermint DoS through Unintended Contract Selfdestruct
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...
CVE-2022-35936 Ethermint DoS through Unintended Contract Selfdestruct
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...
CVE-2022-35936
CVE-2022-35936 (Ethermint) affects pre-0.17.2 Ethermint where selfdestruct can delete the bytecode entry, and due to a buggy DeleteAccount function, all contracts sharing the same CodeHash can fail after one contract self-destructs. Patch available in v0.18.0 which removes the deletion of contrac...
CVE-2022-35936 Ethermint DoS through Unintended Contract Selfdestruct
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...
PT-2022-23042 · Cronos +1 · Cronos +1
Name of the Vulnerable Software and Affected Versions: Ethermint versions prior to v0.17.2 Ethermint versions prior to v0.18.0 are not affected if they are v0.17.2 or later, but since v0.17.2 is not a fixed version and only v0.18.0 is mentioned as fixed, we consider all versions before v0.18.0 as...
Ethermint 安全漏洞
Ethermint is a Cosmos SDK library for running scalable and interoperable EVM chains. A security vulnerability exists in versions of Ethermint prior to v0.18.0, which stems from an error in the DeleteAccount function, where all contracts using the same bytecode will also stop working when one...
Authentication bypass by capture-replay in github.com/cosmos/ethermint
Cosmos Network Ethermint = v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. Specific Go Packages Affected github.com/cosmos/ethermint/rpc/namespaces/eth...
Authentication bypass by capture-replay in github.com/cosmos/ethermint
Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...
GHSA-X5F3-QMWJ-4F84 Authentication bypass by capture-replay in github.com/cosmos/ethermint
Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...
GHSA-93P5-8FQW-WJX3 Authentication bypass by capture-replay in github.com/cosmos/ethermint
Cosmos Network Ethermint = v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. Specific Go Packages Affected github.com/cosmos/ethermint/rpc/namespaces/eth...
Other vulnerabilities exist in Ethermint
Due to the inconsistency between the storage cache cycle and the transaction processing cycle, storage changes caused by failed transactions are improperly retained in memory. Although dirty storage data is discarded at the EndBlock stage, it is still valid in the current block, which can lead to...
Other vulnerabilities exist in Ethermint
When verifying the signature of transactions on different chains, only the ChainIDEpoch field is used to indicate the chain to which the transaction belongs, so for two chains with different ChainIDs but the same ChainIDEpoch, the signed transaction can be replayed on the other chain...
Cross-Chain Transaction Replay Attack
github.com/cosmos/ethermint is vulnerable to Cross-Chain Transaction Replay Attack. The vulnerability exists when transactions created on one chain could be replayed on the other chain due to ethermint using the same chainIDEpoch and signature schemes as ethereum which has the same vulnerability...
CVE-2021-25837
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cach...
CVE-2021-25834
Cosmos Network Ethermint = v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application...
CVE-2021-25835
Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...
CVE-2021-25835
Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...
CVE-2021-25834
Cosmos Network Ethermint = v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application...
CVE-2021-25836
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memorystateObject.code and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contrac...