Vulnerability CVE-2022-36061
Published: 2022-09-06

Description:
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

Type:

CWE-665

 (Improper Initialization)

 References:
https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35
https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452
https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg
Copyright 2024, cxsecurity.com

 

Back to Top