Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ethermint DoS through Unintended Contract Selfdestruct
Vulnerability Description
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
Ethermint 安全漏洞
Vulnerability Description
Ethermint是一个 Cosmos SDK 库,用于运行可扩展和可互操作的 EVM 链。 Ethermint v0.18.0之前版本存在安全漏洞,该漏洞源于DeleteAccount函数中的错误,所有使用相同字节码的合约也将在一个合约调用selfdestruct`时停止工作,即使其他合约没有调用 selfdestruct操作码。
CVSS Information
N/A
Vulnerability Type
N/A