CVE-2024-39696
📋 TL;DR
This vulnerability in Evmos allows users to create vesting accounts funded by arbitrary third-party addresses without their permission. Attackers could potentially drain funds from any account on the chain. All Evmos nodes running vulnerable versions are affected.
💻 Affected Systems
- Evmos
📦 What is this software?
Evmos by Evmos
⚠️ Risk & Real-World Impact
Worst Case
Complete draining of all accounts on the Evmos chain, leading to total loss of funds and chain compromise.
Likely Case
Targeted attacks draining specific high-value accounts, causing significant financial losses.
If Mitigated
No impact if patched to version 19.0.0 or later with proper access controls.
🎯 Exploit Status
Exploitation requires blockchain transaction submission capability but no special authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 19.0.0
Vendor Advisory: https://github.com/evmos/evmos/security/advisories/GHSA-q6hg-6m9x-5g9c
Restart Required: Yes
Instructions:
1. Stop the Evmos node.
2. Update to version 19.0.0 or later.
3. Restart the node.
4. Verify the version is 19.0.0+.
🔧 Temporary Workarounds
No effective workarounds. This is a core protocol vulnerability requiring patching.
🧯 If You Can't Patch
- Consider temporarily halting the Evmos node until patching is possible
- Monitor for suspicious vesting account creation transactions
🔍 How to Verify
Check if Vulnerable:
Check if Evmos version is below 19.0.0 using 'evmosd version' command.
Check Version:
evmosd version
Verify Fix Applied:
Confirm version is 19.0.0 or later using 'evmosd version' command.
📡 Detection & Monitoring
Log Indicators:
- Unusual vesting account creation transactions
- Transactions with mismatched funder/caller addresses
Network Indicators:
- Spike in vesting account creation
- Transactions draining multiple accounts
SIEM Query:
Search for 'MsgCreateVestingAccount' transactions where funder != caller
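The monitoring advice above (flag vesting account creation where the funder is not the transaction signer) as a small, self-contained detector. This is an added example, not code from Evmos or from the advisory: the transaction layout, the field names `funder_address`, `vesting_address` and `signers`, the message type string and the sample transactions are all constructed assumptions for illustration; adapt the field names to the decoded transaction format your indexer or node exposes.

```python
"""Flag vesting-account creation messages whose funder did not sign the tx.

Added example (not Evmos code). Field and message names are assumed;
the sample transactions below are constructed, not real chain data.
"""
import json

# Constructed sample of decoded transactions as a list of JSON lines.
# Assumed shape: each tx carries the signer list and its messages.
SAMPLE_TX_LINES = [
    json.dumps({
        "txhash": "TX-BENIGN-0001",  # placeholder, not a real hash
        "signers": ["evmos1alice"],
        "body": {"messages": [{
            "@type": "/evmos.vesting.v1.MsgCreateVestingAccount",  # assumed
            "funder_address": "evmos1alice",
            "vesting_address": "evmos1carol",
        }]},
    }),
    json.dumps({
        "txhash": "TX-SUSPECT-0002",  # placeholder, not a real hash
        "signers": ["evmos1mallory"],
        "body": {"messages": [{
            "@type": "/evmos.vesting.v1.MsgCreateVestingAccount",  # assumed
            "funder_address": "evmos1victim",   # funder is NOT the signer
            "vesting_address": "evmos1mallory",
        }]},
    }),
    json.dumps({
        "txhash": "TX-BENIGN-0003",  # placeholder, not a real hash
        "signers": ["evmos1bob"],
        "body": {"messages": [{
            "@type": "/cosmos.bank.v1beta1.MsgSend",  # unrelated message type
            "from_address": "evmos1bob",
            "to_address": "evmos1carol",
        }]},
    }),
]


def suspicious_vesting_messages(tx: dict) -> list:
    """Return one finding per vesting-creation message whose funder
    is not among the transaction's signers (funder != caller)."""
    signers = set(tx.get("signers", []))
    findings = []
    for msg in tx.get("body", {}).get("messages", []):
        # Match on the message type name used in the detection guidance.
        if "MsgCreateVestingAccount" not in msg.get("@type", ""):
            continue
        funder = msg.get("funder_address")
        if funder not in signers:
            findings.append({
                "txhash": tx.get("txhash"),
                "funder": funder,
                "vesting_address": msg.get("vesting_address"),
                "signers": sorted(signers),
            })
    return findings


def scan_tx_lines(lines) -> list:
    """Parse JSON transaction lines and collect all funder/caller mismatches.
    Malformed lines are skipped rather than aborting the scan."""
    findings = []
    for line in lines:
        try:
            tx = json.loads(line)
        except json.JSONDecodeError:
            continue
        findings.extend(suspicious_vesting_messages(tx))
    return findings


if __name__ == "__main__":
    for f in scan_tx_lines(SAMPLE_TX_LINES):
        print(f"ALERT vesting account funded by non-signer: {f}")
```

On the constructed input only the second transaction is reported, since its funder (`evmos1victim`) is not in the signer list; the benign vesting creation and the unrelated bank transfer pass. Run it over a stream of decoded transactions from your node or indexer to implement the log indicator described above.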