Evmos vulnerable to exploit of smart contract account and vesting
This advisory describes two vulnerabilities found in the Evmos codebase: Authorization check on the fundVestingAccount: unauthorized spend of funds.
At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount.