CVE-2021-25837

Published: Feb 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".

Affected (1)

Products: Chainsafe: Ethermint

Chainsafe

1 product

Ethermint

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Chainsafe Ethermint	Up to 0.4.0

References (2)

https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.