Mining Rewards Vulnerability in Go Ethereum
CVE-2022-37450

5.9MEDIUM

Key Information:

Vendor

Ethereum

Status
Go Ethereum
Vendor
CVE Published:
5 August 2022

What is CVE-2022-37450?

This vulnerability in Go Ethereum (geth) enables attackers to exploit certain situations to increase mining rewards. By manipulating time-difference values, malicious actors can replace main-chain blocks, a technique known as Riskless Uncle Making (RUM). This issue was actively exploited in the wild between 2020 and 2022, raising significant concerns over the integrity of blockchain transactions and mining processes.

References

https://github.com/ethereum/go-ethereum/blob/671094279e8d...
x_refsource_MISC
https://medium.com/%40aviv.yaish/uncle-maker-time-stampin...
x_refsource_MISC
http://dx.doi.org/10.13140/RG.2.2.27813.99043
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.