GHSA-8pfh-j44r-f654: 
vulnerability analysis and mitigation

A critical vulnerability (GHSA-8pfh-j44r-f654) was discovered in the Cosmos EVM module affecting versions >= 0.3.0, < 0.3.2 and >= 0.4.0, < 0.4.2. The vulnerability was disclosed on October 21, 2025, and involves a critical state desynchronization issue between the Cosmos SDK's native bank module and the EVM's state database (GitHub Advisory).

The vulnerability stems from two primary issues: an improper state reversion in the EVM's snapshot mechanism that failed to account for the SDK's EventManager, and shared global state issues in precompiles. The EVM's snapshot and revert mechanism did not properly handle event clearing from reverted operations, while a single shared instance of BalanceHandler was incorrectly used across all precompile executions within transactions. This combination allowed potential exploitation through crafted transactions triggering recursive precompile calls with reverts, leading to incorrect balance updates in the EVM's stateDB (Miggo).

The vulnerability could lead to a chain halt through state desynchronization between the Cosmos SDK's native bank module and the EVM's state database. This desynchronization could result in incorrect balance updates and potential exploitation of the system's state management (GitHub Advisory).

The vulnerability has been patched in versions v0.3.1, v0.4.2, and v0.5.0. No workarounds are available for chains using static or dynamic precompiles, and upgrading is strongly recommended. The patches include modifications to StateDB.Snapshot and StateDB.RevertToSnapshot for correct event management, and the introduction of a BalanceHandlerFactory to prevent state corruption in recursive calls (GitHub Advisory).