CVE-2022-36061

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

Elrond-go has improper initialization in github.com/ElrondNetwork/elrond-go

### Impact Read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. ### Patches Patch v1.3.35 or higher ### Workarounds No workaround ### References For future reference and understanding of this issue, anyone can check this integration test https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452 that proves the fix and prevents a future code regression. ### For more information If you have any questions or comments about this advisory: * Open an issue in elrond-go ([http://github.com/ElrondNetwork/elrond-go/issues](https://github.com/ElrondNetwork/elrond-go/issues))

Elrond go es la implementación go para el protocolo de la Red Elrond. En versiones anteriores a la 1.3.35, las llamadas de sólo lectura entre contratos pueden generar resultados de contratos inteligentes. Por ejemplo, si el contrato A llama en modo de sólo lectura al contrato B y la función llamada realiza cambios sobre el estado del contrato B, el estado será alterado para el contrato B como si la llamada no fuera realizada en modo de sólo lectura. Esto puede conllevar a algunos efectos no diseñados por los programadores de los contratos inteligentes originales. Este problema fue parcheado en versión 1.3.35. No se presentan mitigaciones conocidas.