GHSA-v6rw-hhgg-wc4x: Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit

April 17, 2024

What kind of vulnerability is it? Who is impacted?

An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain.

References

github.com/advisories/GHSA-v6rw-hhgg-wc4x
github.com/evmos/evmos
github.com/evmos/evmos/security/advisories/GHSA-v6rw-hhgg-wc4x

Code Behaviors & Features

Detect and mitigate GHSA-v6rw-hhgg-wc4x with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →