CVE-2021-25836

EUVD-2021-12717
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
chainsafeethermint
𝑥
≤ 0.4.0
𝑥
= Vulnerable software versions
References
https://github.com/cosmos/ethermint/issues/667#issuecomment-759284303
https://github.com/cosmos/ethermint/issues/667#issuecomment-759284303