Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Drainage of FeeCollector's Block Transaction Fees
Vulnerability Description
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
控制流实现总是不正确
Vulnerability Title
Cronos 安全漏洞
Vulnerability Description
Cronos是一个 Crypto.org Evm 链。旨在大规模扩展 DeFi 生态系统。 Cronos 存在安全漏洞,该漏洞源于在运行v0.6.5之前版本的Cronos节点中,可以通过发送定制的MsgEthereumTx从Cosmos SDK的FeeCollector收取当前块的交易费用。此问题已在Cronos v0.6.5中修复。没有经过测试的变通方法。建议所有验证器节点操作符尽可能早地升级到Cronos v0.6.5。
CVSS Information
N/A
Vulnerability Type
N/A