CVE-2021-25837
HIGHCosmos Network Ethermint <= v0.4.0 - Memory Corruption
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-25837. PoCs published by iczc.
AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2021-25837, an issue in Ethermint. It includes a Docker setup to replicate the vulnerable environment and a script to configure the Ethermint CLI for testing the vulnerability.
Description
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".
Exploits (1)
This repository provides a functional proof-of-concept for CVE-2021-25837, an issue in Ethermint. It includes a Docker setup to replicate the vulnerable environment and a script to configure the Ethermint CLI for testing the vulnerability.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N