104 matches found
CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
CVE-2024-32644
Summary: CVE-2024-32644 affects Evmos pre-17.0.0. A state synchronization bug in stateDB.Commit() compares dirtyStorage to originStorage and only writes when they differ, which can allow non-atomic transactions and potentially mint arbitrary tokens or drain funds through creative smart-contract i...
CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
Evmos 安全漏洞
Evmos is a scalable, high-throughput proof-of-equity blockchain. It is used for full compatibility and interoperability with Ether. A security vulnerability exists in Evmos versions prior to 17.0.0, which stems from the fact that transaction execution does not take into account all state...
Denial Of Service (DOS)
github.com/evmos/evmos is vulnerable to a Denial Of Service. The vulnerability is due to improper handling of nested MsgEthereumTx messages, allowing bypass of the block gas limit and causing indefinite chain halts...
Improper Access Control
github.com/evmos/evmos is vulnerable to Improper Access Control. The vulnerability is due to Evmos allowing the creation of a vesting account at a designated address for smart contracts on the EVM, enabling attackers to front-run the creation of a contract and block legitimate contract deployment...
GHSA-M99C-Q26R-M7M7 Evmos vulnerable to unauthorized account creation with vesting module
Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...
Evmos vulnerable to unauthorized account creation with vesting module
Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...
GHSA-V6RW-HHGG-WC4X Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...
Evmos transaction execution not accounting for all state transition after interaction with precompiles
Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...
GHSA-3FP5-2XWH-FXM6 Evmos transaction execution not accounting for all state transition after interaction with precompiles
Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...
Privilege Escalation
github.com/tharsis/evmos is vulnerable to privilege escalation. An attacker is able to drain unclaimed funds from user addresses by creating a new chain which does not enforce signature verification and connecting it to the targeted victim's evmos instance...
CVE-2022-24738
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...
Out-of-bounds
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...
GHSA-5JGQ-X857-P8XW Account compromise in Evmos
Impact What kind of vulnerability is it? Who is impacted? Classification The vulnerability has been classified as critical with a score of 9.0 highest. It has the potential to affect and drain unclaimed airdrop funds from Cosmos and Osmosis eligible user addresses. Disclosure The attack requires...
Account compromise in Evmos
Impact What kind of vulnerability is it? Who is impacted? Classification The vulnerability has been classified as critical with a score of 9.0 highest. It has the potential to affect and drain unclaimed airdrop funds from Cosmos and Osmosis eligible user addresses. Disclosure The attack requires...
CVE-2022-24738
Evmos prior to v2.0.1 is vulnerable to draining unclaimed funds by an attacker who creates a malicious chain that does not enforce signature verification and connects it to a target Evmos instance via IBC, enabling migration of claim records and fund transfer. The issue stems from a vulnerability...
CVE-2022-24738 Account compromise in Evmos
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...