CVE-2021-43839 – github.com/tharsis/ethermint
Package
Manager: go
Name: github.com/tharsis/ethermint
Vulnerable Version: >=0.8.0 <0.10.0 || >=0 <0.7.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00289 (percentile: 0.51874)
Details
Drainage of FeeCollector's Block Transaction Fees in Cronos

### Impact

In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom-crafted MsgEthereumTx. User funds and balances are safe.

### Patches

This problem has been patched in Cronos v0.6.5 on the mempool level. The next network upgrade with consensus-breaking changes will patch it on the consensus level.

### Workarounds

There are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.

### Credits

Thank you to @zb3 for reporting this issue on [Cronos Immunefi Bug Bounty Program](https://immunefi.com/bounty/cronos/), to @cyril-crypto for reproducing the issue and to @yihuang and @thomas-nguy for patching the issue on the CheckTx (mempool) and the DeliverTx (consensus) levels.

### For more information

If you have any questions or comments about this advisory:

* Open a discussion in [crypto-org-chain/cronos](https://github.com/crypto-org-chain/cronos/discussions/new)
* Email us at [chain@crypto.org](mailto:chain@crypto.org)
Metadata
Created: 2022-01-06T18:30:54Z
Modified: 2022-01-06T20:21:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-f854-hpxv-cw9r/GHSA-f854-hpxv-cw9r.json
CWE IDs: ["CWE-670"]
Alternative ID: GHSA-f854-hpxv-cw9r
Finding: F164
Auto approve: 1