Token Minting Vulnerability in Evmos Blockchain
CVE-2024-32644

9.1CRITICAL

Key Information:

Vendor: Evmos
Status: Evmos Blockchain
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-32644?

Evmos, a high-throughput Proof-of-Stake EVM blockchain, is vulnerable to an exploit that allows the minting of arbitrary tokens. This issue arises from a desynchronized state between the Cosmos SDK and EVM during transaction execution. When the stateDB.Commit() method is invoked, it checks for differences in storage states. If a contract's storage remains unchanged before and after a transaction yet is modified during execution, an attacker can manipulate external contract calls, leading to non-atomic transactions. This vulnerability poses significant risks, as it can potentially drain funds through clever smart contract interactions. The incident has been remedied in versions 17.0.0 and later.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/evmos/evmos/security/advisories/GHSA-3...

https://github.com/evmos/evmos/commit/08982b5ee726b97bc50...

https://github.com/evmos/evmos/blob/b196a522ba4951890b409...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024

JSON

Evmos

What is CVE-2024-32644?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.