Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack.
In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack.
A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context (via STATICCALL), and thus decide if stateful operations should be done. Previously, the passed is_static parameter was incorrect – it was only set to true if the call comes from a direct STATICCALL opcode. However, once a static call context is entered, it should stay static. The issue only impacts …
In evm crate < 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check.