CVE-2022-35936
Ethermint DoS through Unintended Contract Selfdestruct
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
Ethermint es una biblioteca de Ethereum. En las versiones de Ethermint anteriores a "v0.17.2", la invocación del contrato "selfdestruct" elimina permanentemente el bytecode correspondiente del almacenamiento interno de la base de datos. Sin embargo, debido a un error en la función "DeleteAccount", todos los contratos que usaban el mismo bytecode (es decir, compartían el mismo "CodeHash") también dejarán de funcionar una vez que un contrato invoque "selfdestruct", aunque los demás contratos no hayan invocado el OPCODE "selfdestruct". Esta vulnerabilidad ha sido parcheada en Ethermint versión v0.18.0. El parche presenta cambios que rompen el estado de las aplicaciones que usan Ethermint, por lo que es requerido un procedimiento de actualización coordinado. Se presenta una mitigación alternativa. Si un contrato es objeto de DoS debido a este problema, el usuario puede volver a desplegar el mismo contrato, es decir, con idéntico bytecode, de modo que sea recuperado el código del contrato original. El nuevo despliegue del contrato restaura la entrada "bytecode hash -) bytecode" en el estado interno
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-15 CVE Reserved
- 2022-08-05 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451 | 2022-08-13 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Evmos Search vendor "Evmos" | Ethermint Search vendor "Evmos" for product "Ethermint" | < 0.18.0 Search vendor "Evmos" for product "Ethermint" and version " < 0.18.0" | - |
Affected
| ||||||
| Kava Search vendor "Kava" | Kava Search vendor "Kava" for product "Kava" | < 0.18.0 Search vendor "Kava" for product "Kava" and version " < 0.18.0" | - |
Affected
| ||||||
| Crypto Search vendor "Crypto" | Cronos Search vendor "Crypto" for product "Cronos" | <= 0.7.0 Search vendor "Crypto" for product "Cronos" and version " <= 0.7.0" | - |
Affected
| ||||||
| Evmos Search vendor "Evmos" | Evmos Search vendor "Evmos" for product "Evmos" | < 7.0.0 Search vendor "Evmos" for product "Evmos" and version " < 7.0.0" | - |
Affected
| ||||||