Execution Failure Vulnerability in Ethereum's Py-EVM Product
CVE-2018-18920
8.8HIGH
What is CVE-2018-18920?
The Py-EVM version v0.2.0-alpha.33 is susceptible to a vulnerability that enables malicious actors to invoke the vm.execute_bytecode call improperly. This flaw allows attackers to manipulate the virtual machine's stack with incorrect values, namely using '[100, 100, 0]' when a different byte sequence was expected. The improper handling of these inputs results in an execution failure due to an invalid opcode. Additionally, this vulnerability raises concerns regarding the execution of smart contracts, potentially allowing operations to run indefinitely without the necessary gas fees.