CVE-2021-25835
Description
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since Ethermint uses the same chainIDEpoch and signature schemes as Ethereum for compatibility, a verified signature in Ethereum is still valid in Ethermint with the same msg content and chainIDEpoch, which enables a "cross-chain transaction replay" attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cosmos Ethermint ≤ v0.4.0 reuses Ethereum's chainIDEpoch and signature scheme, allowing a signed Ethereum transaction to be replayed on an Ethermint chain with the same chainIDEpoch.
Ethermint, the Ethereum-compatible execution layer for the Cosmos SDK, adopted the same chainIDEpoch and signature schemes as Ethereum to maintain compatibility. This design choice introduced a cross-chain transaction replay vulnerability in versions up to v0.4.0. Because both chains use identical signature verification logic and can interpret different chain IDs (e.g., "Ethereum-1" vs "Ethermint-1") as the same chainIDEpoch, a transaction that was validly signed and executed on one chain can be replayed on the other without modification [1][4].
An attacker exploits this flaw by observing a signed transaction on one chain and rebroadcasting it on a second chain where the same chainIDEpoch is recognized. The attack does not require the attacker to possess the victim's private key; it only relies on the fact that a legitimate signature remains valid across both environments. A prerequisite is that the victim's account nonce on the target chain must be less than or equal to the nonce used in the replayed transaction, which is a common scenario if the victim has not used the account on the second chain [4].
Successful replay allows an attacker to make the victim's account on the second chain execute arbitrary transactions that the victim originally signed on the first chain. This could lead to unauthorized transfer of assets, token minting, or other state changes, depending on the content of the replayed message. The impact is particularly severe for users who hold accounts with the same key on both an Ethereum network and an Ethermint-based chain [4].
The vulnerability was addressed in Ethermint v0.4.1, released on March 1, 2021. The fix includes improvements to the nonce check in the EVM module's AnteHandler, ensuring that the nonce is explicitly matched rather than simply validated as greater than the current nonce [2][3]. Users should update to v0.4.1 or later to mitigate the risk.
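The two conditions described above (a shared chainIDEpoch and a nonce check that only rejects stale nonces) modeled in Go as an added illustration. This is not Ethermint's code: `SignedTx`, `parseEpoch`, `nonceOK` and `acceptedOn` are hypothetical names, the epoch is assumed to be the number after the last hyphen of the chain ID, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// SignedTx keeps only the fields that matter here: the chain ID epoch the
// signature covers and the sender nonce. (Hypothetical type.)
type SignedTx struct{ Epoch, Nonce uint64 }

// parseEpoch reduces a chain ID such as "Ethermint-1" to its trailing number.
// Assumption: a simplified stand-in for how chainIDEpoch is derived.
func parseEpoch(chainID string) (uint64, error) {
	i := strings.LastIndex(chainID, "-")
	if i < 0 || i == len(chainID)-1 {
		return 0, fmt.Errorf("chain ID %q has no epoch suffix", chainID)
	}
	return strconv.ParseUint(chainID[i+1:], 10, 64)
}

// nonceOK models the two nonce policies: strict=false only rejects stale
// nonces (tx nonce >= account nonce); strict=true requires an exact match.
func nonceOK(accountNonce, txNonce uint64, strict bool) bool {
	if strict {
		return txNonce == accountNonce
	}
	return txNonce >= accountNonce
}

// acceptedOn reports whether tx passes the epoch and nonce checks on targetChain.
func acceptedOn(tx SignedTx, targetChain string, accountNonce uint64, strict bool) (bool, error) {
	epoch, err := parseEpoch(targetChain)
	if err != nil {
		return false, err
	}
	return epoch == tx.Epoch && nonceOK(accountNonce, tx.Nonce, strict), nil
}

func main() {
	// Constructed sample: signed for "Ethereum-1" with nonce 7; the key is unused on "Ethermint-1".
	epoch, _ := parseEpoch("Ethereum-1")
	tx := SignedTx{Epoch: epoch, Nonce: 7}
	for _, strict := range []bool{false, true} {
		ok, _ := acceptedOn(tx, "Ethermint-1", 0, strict)
		fmt.Printf("strict=%v accepted=%v\n", strict, ok)
	}
}
```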
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/cosmos/ethermint (Go) | < 0.4.1 | 0.4.1 |
Affected products
- Cosmos Network/Ethermint
- Range: <=0.4.0
References
- github.com/advisories/GHSA-x5f3-qmwj-4f84 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-25835 (advisory)
- github.com/cosmos/ethermint/issues/687 (web)
- github.com/cosmos/ethermint/pull/692 (web)
- github.com/cosmos/ethermint/releases/tag/v0.4.1 (web)