4 matches found
GO-2024-2731 Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos
Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos...
Evmos vulnerable to unauthorized account creation with vesting module
Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...
GHSA-M99C-Q26R-M7M7 Evmos vulnerable to unauthorized account creation with vesting module
Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...
Improper Input Validation
github.com/cosmos/cosmos-sdk is vulnerable to Improper Input Validation. The vulnerability is due to a lack of BlockedAddressed validation in the x/auth/vesting module which would prevent the creation of a periodic vesting account. If triggered, there is the potential for a chain halt if the...