CVE-2024-39696

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user can create a vesting account with a 3rd party account EOA or contract as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization...

EUVD-2024-36470

Malicious code in bioql PyPI...

EUVD-2024-1080

Malicious code in bioql PyPI...

EUVD-2022-1323

Malicious code in bioql PyPI...

EUVD-2024-2214

Malicious code in bioql PyPI...

EUVD-2024-2400

Malicious code in bioql PyPI...

EUVD-2024-2129

Malicious code in bioql PyPI...

EUVD-2024-1962

Malicious code in bioql PyPI...

EUVD-2024-36471

Malicious code in bioql PyPI...

CVE-2024-32873

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0...

CVE-2024-37154

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier...

Cosmos EVM Allows Partial Precompile State Writes

Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

CVE-2022-24738

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...

CVE-2024-32644

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

CVE-2024-37153

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...

GO-2022-0348 Account compromise in Evmos in github.com/tharsis/evmos

Account compromise in Evmos in github.com/tharsis/evmos...

GHSA-Q6HG-6M9X-5G9C Evmos vulnerable to exploit of smart contract account and vesting

Summary This advisory board aims to describe two vulnerabilities found in the Evmos codebase: - Authorization check on the fundVestingAccount: unauthorized spend of funds. Details Authorization check on the fundVestingAccount With the current implementation, a user can create a vesting account wi...

Evmos vulnerable to exploit of smart contract account and vesting

Summary This advisory board aims to describe two vulnerabilities found in the Evmos codebase: - Authorization check on the fundVestingAccount: unauthorized spend of funds. Details Authorization check on the fundVestingAccount With the current implementation, a user can create a vesting account wi...

GO-2024-2974 Evmos vulnerable to exploit of smart contract account and vesting in github.com/evmos/evmos

Evmos vulnerable to exploit of smart contract account and vesting in github.com/evmos/evmos...

Incorrect Authorization

Evmos is vulnerable to Incorrect Authorization. The vulnerability is due to allowing users to create a vesting account with a third-party account as the funder, enabling unauthorized fund transfers from the funder address...