Cache Lifecycle Inconsistency in Cosmos Network Ethermint <= v0.4.0: Exploitable Honeypot Contract Vulnerability

CVE-2021-25836 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Cosmos Network Ethermint <= v0.4.0 is affected by a cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongly remains in memory (stateObject.code) and is later written to the persistent store at the EndBlock stage, which may be used to build honeypot contracts.
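
A simplified model of the lifecycle problem described above, added here as an illustration and not taken from Ethermint's code. The `store` type, `applyTx`, `endBlock`, the `resetOnFail` switch and the address string are all hypothetical names and constructed values; the cache map stands in for stateObject.code.

```go
package main

import "fmt"

// store is a toy model (not Ethermint's types): a persistent map plus an
// in-memory code cache that plays the role of stateObject.code.
type store struct {
	persistent  map[string][]byte
	cache       map[string][]byte
	resetOnFail bool // false: cache survives a failed tx; true: it is rolled back
}

// applyTx caches new code for addr, then fails if fail is set.
func (s *store) applyTx(addr string, code []byte, fail bool) error {
	prev, had := s.cache[addr]
	s.cache[addr] = code
	if !fail {
		return nil
	}
	if s.resetOnFail { // hardened path: restore the pre-transaction cache entry
		if had {
			s.cache[addr] = prev
		} else {
			delete(s.cache, addr)
		}
	}
	return fmt.Errorf("transaction failed")
}

// endBlock flushes every cached entry to the persistent store.
func (s *store) endBlock() {
	for addr, code := range s.cache {
		s.persistent[addr] = code
	}
}

// codeAfterFailedTx runs one failing tx and one block end, returning what was persisted.
func codeAfterFailedTx(resetOnFail bool) []byte {
	const addr = "addr-constructed" // constructed sample address
	s := &store{map[string][]byte{}, map[string][]byte{}, resetOnFail}
	_ = s.applyTx(addr, []byte{0x60, 0x00}, true)
	s.endBlock()
	return s.persistent[addr]
}

func main() {
	fmt.Printf("no rollback: %x\nwith rollback: %x\n",
		codeAfterFailedTx(false), codeAfterFailedTx(true))
}
```

Without the rollback, the failed transaction's bytes reach the persistent map at block end; with it, nothing is persisted.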