Always-Incorrect Control Flow Implementation Affecting github.com/tharsis/evmos Open this link in a new tab package, versions *


0.0
high
  • Attack Complexity

    Low

  • Integrity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-GOLANG-GITHUBCOMTHARSISEVMOS-2331757

  • published

    7 Jan 2022

  • disclosed

    6 Jan 2022

  • credit

    @zb3

How to fix?

There is no fixed version for github.com/tharsis/evmos.

Overview

github.com/tharsis/evmos is a scalable, high-throughput Proof-of-Stake blockchain that is fully compatible and interoperable with Ethereum. It's built using the Cosmos SDK which runs on top of Tendermint Core consensus engine.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation as it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx.

User funds and balances are safe.