CVE-2021-43839

Cronos v0.6.5 fixes a vulnerability in Cronos nodes earlier than v0.6.5 where an attacker could drain the current-block transaction fees from Cosmos SDK’s FeeCollector by sending a crafted MsgEthereumTx. Affected: Cronos prior to v0.6.5. Root cause: improper handling enabling fee drainage at the ...