Lucene search

Veracode Vulnerability DatabaseVERACODE:47462

HistoryJun 11, 2024 - 6:07 a.m.

Incorrect Calculation

2024-06-1106:07:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

evmos

vulnerability

calculation

spendable balance

delegation

vested tokens

attackers

clawback

unvested tokens

manipulation

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

github.com/evmos/evmos is vulnerable to Incorrect Calculation. The vulnerability is due to a failure to update the spendable balance correctly when delegating vested tokens, allowing attackers with clawback vesting accounts to manipulate the system to treat unvested tokens as though they were available

CPENameOperatorVersion
github.com/evmos/evmoslev17.0.1
github.com/evmos/evmoslev17.0.1

CPE	Name	Operator	Version
	github.com/evmos/evmos	le	v17.0.1
	github.com/evmos/evmos	le	v17.0.1

References

github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb

github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VERACODE:47462