VERACODE:47599 (Veracode Vulnerability Database)
Jun 18, 2024 - 8:32 a.m.

Insufficient Control Flow Management

2024-06-18 08:32:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
evmos
vulnerability
control flow management
cosmos
ethereum
clawback account
precompile
sdk module

CVSS3: 3.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score: 6.7
Confidence: Low

Evmos is vulnerable to Insufficient Control Flow Management. The vulnerability is due to different ante handler checks for Cosmos and Ethereum transactions, allowing a clawback account to bypass Cosmos checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module.
