Improper Access Control Affecting github.com/evmos/evmos/v13 package, versions *
Snyk CVSS
Attack Complexity: Low
- Snyk ID SNYK-GOLANG-GITHUBCOMEVMOSEVMOSV13-6666659
- published 19 Apr 2024
- disclosed 17 Apr 2024
- credit Unknown
How to fix?
There is no fixed version for github.com/evmos/evmos/v13.
Overview
Affected versions of this package are vulnerable to Improper Access Control due to improper validation in the CreateClawbackVestingAccount method. Because smart contract addresses in the EVM are deterministic, an attacker can create a new vesting account at a given address before a contract is created on that address. This could prevent smart contracts from being deployed correctly to those addresses.