116 matches found
SUSE CVE-2025-61595
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...
GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...
CVE-2025-61595
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...
EUVD-2025-31776
Malicious code in bioql PyPI...
CVE-2025-61595
CVE-2025-61595 pertains to MANTRA Chain. Versions up to 4.0.1 do not enforce the tx gas limit in send hooks, allowing gas to be spent beyond remaining and enabling recursive calls in the wasm contract, potentially causing exponential gas consumption. The issue is fixed in version 4.0.2. Affected ...
CVE-2025-61595 MANTRA tx gas limit is not enforced in send hooks
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...
CVE-2025-61595 MANTRA tx gas limit is not enforced in send hooks
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...
Mantrachain 安全漏洞
Mantrachain is a blockchain software open source by MANTRA Chain. A security vulnerability exists in Mantrachain version 4.0.1 and earlier, which stems from an unenforced transactional gas limit that could lead to exponential gas consumption...
GHSA-QWVM-WQQ8-8J69 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
Denial Of Service (DOS)
github.com/evmos/evmos is vulnerable to a Denial Of Service. The vulnerability is due to improper handling of nested MsgEthereumTx messages, allowing bypass of the block gas limit and causing indefinite chain halts...
GHSA-V6RW-HHGG-WC4X Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...