Vulnerability Details CVE-2021-25836
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 65.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-25836
-
cpe:2.3:a:chainsafe:ethermint:0.1.0
-
cpe:2.3:a:chainsafe:ethermint:0.2.0
-
cpe:2.3:a:chainsafe:ethermint:0.2.1
-
cpe:2.3:a:chainsafe:ethermint:0.3.0
-
cpe:2.3:a:chainsafe:ethermint:0.3.1
-
cpe:2.3:a:chainsafe:ethermint:0.4.0