GHSA-Q6HG-6M9X-5G9C Evmos vulnerable to exploit of smart contract account and vesting

Summary This advisory board aims to describe two vulnerabilities found in the Evmos codebase: - Authorization check on the fundVestingAccount: unauthorized spend of funds. Details Authorization check on the fundVestingAccount With the current implementation, a user can create a vesting account wi...

Evmos vulnerable to exploit of smart contract account and vesting

Summary This advisory board aims to describe two vulnerabilities found in the Evmos codebase: - Authorization check on the fundVestingAccount: unauthorized spend of funds. Details Authorization check on the fundVestingAccount With the current implementation, a user can create a vesting account wi...

CVE-2024-39696

Summary: Evmos prior to v19.0.0 allowed creating a vesting account with a third-party as funder, then issuing an authorization for a contract.CallerAddress. The funds are drawn from the funder address provided in the message, enabling a user to fund a vesting account using another party’s funds w...

PT-2024-28634 · Evmos · Evmos

Name of the Vulnerable Software and Affected Versions: Evmos versions prior to 19.0.0 Description: The issue allows a user to create a vesting account with a 3rd party account as funder without its permission. This is possible because the authorization checked in the code is for the...