Improper Restriction Of Power Consumption

github.com/cosmwasm/wasmvm is vulnerable to Improper Restriction of Power Consumption. The vulnerability is due to inaccurate gas benchmarks, allowing malicious contracts to consume up to 10 times the expected execution time, which can temporarily DoS a chain...

CWA-2024-004: Gas mispricing in cosmwasm-vm

Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...