- Reported
-
- Issued
-
- Package
-
cosmwasm-vm
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#resource-consumption
- Aliases
-
- References
-
- Patched
-
>=1.5.7, <2.0.0>=2.0.6, <2.1.0>=2.1.3
Description
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of ~10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain.
For more information, see CWA-2024-004.
Advisory available under CC0-1.0
license.