evmos/ethermint is vulnerable to denial of service. The vulnerability exists in the “deleteaccount” function in statedb.go
due to improper access control which allows an attacker to crash the system by sending a specially-crafted request using the self-destruct function
github.com/crypto-org-chain/cronos/commit/386b739eacec508a2484d94ab95b971f97d9d940
github.com/crypto-org-chain/cronos/pull/440
github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203
github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451
github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg
github.com/evmos/evmos/commit/a29659527e65015bac15a7891dd23392e09c61c0
github.com/evmos/evmos/pull/815
github.com/Kava-Labs/kava/commit/29096459253ce1edade676fe8651b87e729c89d8
github.com/Kava-Labs/kava/pull/1288