Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/evmos/evmos/v17(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v16(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v15(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v14(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v13(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v12(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v11(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v10(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v9(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v8(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v7(Go) | 0 | 18.0.0 | N/A |
| github.com/evmos/evmos/v6(Go) | 0 | 18.0.0 | N/A |
CVSS Metrics
