Lucene search
K

104 matches found

vulnrichment
vulnrichment
added 2024/04/19 2:53 p.m.17 views

CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

9.1CVSS6.8AI score0.00943EPSS
Exploits0References3
cve
cve
added 2024/04/19 2:53 p.m.70 views

CVE-2024-32644

Summary: CVE-2024-32644 affects Evmos pre-17.0.0. A state synchronization bug in stateDB.Commit() compares dirtyStorage to originStorage and only writes when they differ, which can allow non-atomic transactions and potentially mint arbitrary tokens or drain funds through creative smart-contract i...

9.1CVSS6.7AI score0.00943EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2024/04/19 2:53 p.m.34 views

CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

9.1CVSS9.4AI score0.00943EPSS
Exploits0References3
osv
osv
added 2024/04/19 2:53 p.m.24 views

CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

9.1CVSS8.8AI score0.00943EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/04/19 12:0 a.m.6 views

Evmos 安全漏洞

Evmos is a scalable, high-throughput proof-of-equity blockchain. It is used for full compatibility and interoperability with Ether. A security vulnerability exists in Evmos versions prior to 17.0.0, which stems from the fact that transaction execution does not take into account all state...

9.1CVSS6.8AI score0.00943EPSS
Exploits0References4
veracode
veracode
added 2024/04/18 5:25 a.m.14 views

Denial Of Service (DOS)

github.com/evmos/evmos is vulnerable to a Denial Of Service. The vulnerability is due to improper handling of nested MsgEthereumTx messages, allowing bypass of the block gas limit and causing indefinite chain halts...

7AI score
Exploits0
veracode
veracode
added 2024/04/18 5:22 a.m.10 views

Improper Access Control

github.com/evmos/evmos is vulnerable to Improper Access Control. The vulnerability is due to Evmos allowing the creation of a vesting account at a designated address for smart contracts on the EVM, enabling attackers to front-run the creation of a contract and block legitimate contract deployment...

7AI score
Exploits0
osv
osv
added 2024/04/17 5:37 p.m.10 views

GHSA-M99C-Q26R-M7M7 Evmos vulnerable to unauthorized account creation with vesting module

Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...

7.2AI score
Exploits0References3
github
github
added 2024/04/17 5:37 p.m.15 views

Evmos vulnerable to unauthorized account creation with vesting module

Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...

7.2AI score
Exploits0References3Affected Software2
osv
osv
added 2024/04/17 5:35 p.m.39 views

GHSA-V6RW-HHGG-WC4X Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit

Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...

9.1CVSS7.1AI score
Exploits0References2
github
github
added 2024/04/17 5:35 p.m.17 views

Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit

Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...

7.1AI score
Exploits0References2Affected Software1
github
github
added 2024/04/10 10:4 p.m.48 views

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1CVSS7.2AI score0.00943EPSS
Exploits0References7Affected Software9
osv
osv
added 2024/04/10 10:4 p.m.62 views

GHSA-3FP5-2XWH-FXM6 Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1CVSS9.2AI score0.00943EPSS
Exploits0References7
veracode
veracode
added 2022/03/08 4:53 a.m.28 views

Privilege Escalation

github.com/tharsis/evmos is vulnerable to privilege escalation. An attacker is able to drain unclaimed funds from user addresses by creating a new chain which does not enforce signature verification and connecting it to the targeted victim's evmos instance...

8.1CVSS3.2AI score0.01051EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2022/03/07 10:15 p.m.48 views

CVE-2022-24738

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...

8.1CVSS0.01051EPSS
Exploits0References3
prion
prion
added 2022/03/07 10:15 p.m.23 views

Out-of-bounds

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...

5.8CVSS7.3AI score0.01051EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/03/07 9:45 p.m.37 views

GHSA-5JGQ-X857-P8XW Account compromise in Evmos

Impact What kind of vulnerability is it? Who is impacted? Classification The vulnerability has been classified as critical with a score of 9.0 highest. It has the potential to affect and drain unclaimed airdrop funds from Cosmos and Osmosis eligible user addresses. Disclosure The attack requires...

7.4CVSS7.7AI score0.01051EPSS
Exploits0References5
github
github
added 2022/03/07 9:45 p.m.48 views

Account compromise in Evmos

Impact What kind of vulnerability is it? Who is impacted? Classification The vulnerability has been classified as critical with a score of 9.0 highest. It has the potential to affect and drain unclaimed airdrop funds from Cosmos and Osmosis eligible user addresses. Disclosure The attack requires...

8.1CVSS1.6AI score0.01051EPSS
Exploits0References5Affected Software1
cve
cve
added 2022/03/07 9:30 p.m.126 views

CVE-2022-24738

Evmos prior to v2.0.1 is vulnerable to draining unclaimed funds by an attacker who creates a malicious chain that does not enforce signature verification and connects it to a target Evmos instance via IBC, enabling migration of claim records and fund transfer. The issue stems from a vulnerability...

8.1CVSS7.4AI score0.01051EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2022/03/07 9:30 p.m.8 views

CVE-2022-24738 Account compromise in Evmos

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...

8.1CVSS8AI score0.01051EPSS
Exploits0References3
Rows per page
Query Builder