Always-Incorrect Control Flow Implementation Affecting Open this link in a new tab package, versions *

  • Attack Complexity


  • Integrity


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    7 Jan 2022

  • disclosed

    6 Jan 2022

  • credit


How to fix?

There is no fixed version for

Overview is a scalable, high-throughput Proof-of-Stake blockchain that is fully compatible and interoperable with Ethereum. It's built using the Cosmos SDK which runs on top of Tendermint Core consensus engine.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation as it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx.

User funds and balances are safe.