Component: wasmvm Criticality: Medium (ACMv1: I:Moderate; L:Likely) Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of ~10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain.
See CWA-2024-004 for more details.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-920" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-08-08T16:30:50Z" }