Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
evm has incorrect is_static parameter for custom stateful precompiles
Vulnerability Description
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
控制流实现总是不正确
Vulnerability Title
SputnikVM 安全漏洞
Vulnerability Description
SputnikVM是rust-blockchain个人开发者的基于Rust的以太坊虚拟机实现。 SputnikVM 0.36.0之前版本存在安全漏洞,该漏洞源于传递的is_static参数是不正确,该问题可能导致不正确的状态转换。
CVSS Information
N/A
Vulnerability Type
N/A