Specification non-compliance in JUMPI
Description
The evm crate is a pure Rust implementation of the Ethereum Virtual Machine. In evm crate versions < 0.31.0, the JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check.
This is a high severity security advisory if you use the evm crate for Ethereum mainnet. In this case, you should update your library dependency to 0.31.0 or later immediately.
This is a low severity security advisory if you use the evm crate in Frontier or in a standalone blockchain, because no security exploit is possible with this advisory. In that case, updating to 0.31.0 or later is not recommended until all the normal chain upgrade preparations have been done. If you use Frontier or another pallet-evm based Substrate blockchain, make sure to update your spec_version before updating. For other blockchains, make sure to follow a hard-fork process before you update.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
EVM crate < 0.31.0 checks JUMPI destination validity before condition, violating Ethereum spec; high risk on mainnet, low elsewhere.
Vulnerability
The evm crate (pure Rust Ethereum Virtual Machine) versions prior to 0.31.0 implement the JUMPI opcode incorrectly: the destination validity check is performed before the condition check. According to Geth and OpenEthereum, the condition should be evaluated first. This out-of-order execution deviates from the Ethereum specification, affecting all uses of the crate before the fix [1][3].
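The two check orders described above, compared on a toy interpreter. This is an added example, not code from the evm crate or the advisory; `Exit`, `Order`, `run` and the sample bytecode are constructed for illustration, and only STOP, PUSH1, JUMPI and JUMPDEST are supported.

```rust
// Added illustration, not code from the evm crate; all names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum Exit { Stopped, InvalidJump, StackUnderflow, BadOpcode }
#[derive(Clone, Copy)]
pub enum Order { ConditionFirst, DestinationFirst }

// A destination is valid only if it holds JUMPDEST (0x5b) outside PUSH1 data.
fn valid_dests(code: &[u8]) -> Vec<bool> {
    let (mut ok, mut i) = (vec![false; code.len()], 0);
    while i < code.len() {
        if code[i] == 0x5b { ok[i] = true; }
        i += if code[i] == 0x60 { 2 } else { 1 }; // skip the PUSH1 immediate
    }
    ok
}

// Gas is not modelled, so only feed this terminating programs.
pub fn run(code: &[u8], order: Order) -> Exit {
    let dests = valid_dests(code);
    let is_valid = |d: usize| dests.get(d).copied().unwrap_or(false);
    let (mut pc, mut stack) = (0usize, Vec::<usize>::new());
    while pc < code.len() {
        match code[pc] {
            0x00 => return Exit::Stopped,
            0x5b => {}
            0x60 => { stack.push(*code.get(pc + 1).unwrap_or(&0) as usize); pc += 1; }
            0x57 => {
                // JUMPI pops the destination first, then the condition.
                let (dest, cond) = match (stack.pop(), stack.pop()) {
                    (Some(d), Some(c)) => (d, c),
                    _ => return Exit::StackUnderflow,
                };
                let reject = match order {
                    Order::ConditionFirst => cond != 0 && !is_valid(dest), // Geth / OpenEthereum
                    Order::DestinationFirst => !is_valid(dest), // order described for < 0.31.0
                };
                if reject { return Exit::InvalidJump; }
                if cond != 0 { pc = dest; continue; }
            }
            _ => return Exit::BadOpcode,
        }
        pc += 1;
    }
    Exit::Stopped
}

// Constructed sample: PUSH1 0 (condition), PUSH1 0xff (no such destination), JUMPI, STOP.
pub const SKIPPED_BAD_JUMP: [u8; 6] = [0x60, 0x00, 0x60, 0xff, 0x57, 0x00];
fn main() {
    println!("condition first:   {:?}", run(&SKIPPED_BAD_JUMP, Order::ConditionFirst));
    println!("destination first: {:?}", run(&SKIPPED_BAD_JUMP, Order::DestinationFirst));
}
```

The two orders disagree only when the condition is zero and the destination is invalid, which makes that case a useful conformance test when upgrading across 0.31.0.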
Exploitation
For Ethereum mainnet scenarios, an attacker could craft a sequence of opcodes where a jump to an invalid destination is conditionally skipped, but the implementation incorrectly validates the destination before checking the condition. This could lead to unexpected state transitions or denial-of-service. However, for Frontier or standalone blockchains, no exploitable scenario has been identified, as the non-compliance does not produce a security-relevant outcome in those contexts [1][3].
Impact
On Ethereum mainnet, the impact is high severity: an attacker could potentially force the EVM to enter an inconsistent state, leading to incorrect execution, consensus failures, or resource exhaustion. For other environments (Frontier, standalone chains), the advisory rates this as low severity because no practical exploit is possible [1][3].
Mitigation
The vulnerability is fixed in evm crate version 0.31.0 (released October 2021) via pull request #67 [2]. Users on Ethereum mainnet should update immediately. Users of Frontier or pallet-evm based Substrate chains should coordinate a hard-fork or spec_version bump before updating to avoid chain splits. For older versions that cannot be directly updated, contact the maintainers for patch releases. No workaround exists that fully restores spec compliance without a code change [3][4].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| evm (crates.io) | < 0.31.0 | 0.31.0 |
Affected products
- rust-blockchain/evm v5 Range: < 0.31.0
References
- github.com/advisories/GHSA-pvh2-pj76-4m96 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-41153 (ghsa, ADVISORY)
- github.com/rust-blockchain/evm/pull/67 (ghsa, x_refsource_MISC, WEB)
- github.com/rust-blockchain/evm/security/advisories/GHSA-pvh2-pj76-4m96 (ghsa, x_refsource_CONFIRM, WEB)