CVE-2024-37154 Evmos allows unvested token delegations

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier...

PT-2022-16840 · Cosmos +2 · Cosmos +2

Name of the Vulnerable Software and Affected Versions: Evmos versions prior to 2.0.1 Description: The issue allows attackers to drain unclaimed funds from user addresses by creating a new chain that does not enforce signature verification and connecting it to the target Evmos instance. The attack...