← Back

Ethermint

ethermint

Vendor: Chainsafe • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-25837
1Chainsafe
1Ethermint
Nov 21, 2024
Feb 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a faile...Show more
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".Show less
CVE-2021-25836
1Chainsafe
1Ethermint
Nov 21, 2024
Feb 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persist...Show more
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.Show less
CVE-2021-25835
1Chainsafe
1Ethermint
Nov 21, 2024
Feb 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a veri...Show more
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.Show less
CVE-2021-25834
1Chainsafe
1Ethermint
Nov 21, 2024
Feb 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.