CVE-2022-39354

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds.

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds.

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. For those affected, the issue can lead to possible incorrect state transitions.

### Impact A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Previously, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call comes from a **direct** `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. The maintainers estimate the usage is low. However, for those affected, it can lead to possible incorrect state transitions. ### Patches PR: https://github.com/rust-blockchain/evm/pull/133 Released in v0.36.0. Older patch versions can be released on request if anyone needs them. Simply contact @sorpaas by email to request it. ### For more information If you have any questions or comments about this advisory: * Open an issue in [evm repo](https://github.com/rust-blockchain/evm) * Email Wei at [wei@that.world](mailto:wei@that.world)

SputnikVM, también llamado evm, es una implementación en Rust de la máquina virtual de Ethereum. Una precompilación personalizada con estado puede usar el parámetro "is_static" para determinar si la llamada es ejecutada en un contexto estático (por medio de "STATICCALL"), y así decidir si es debido realizar operaciones con estado. versiones anteriores a 0.36.0, el parámetro pasado "is_static" era incorrecto -- sólo se ponía a "true" si la llamada provenía de un opcode directo "STATICCALL". Sin embargo, una vez que es introducido un contexto de llamada estática, debería permanecer estático. El problema sólo afecta a los precompiladores personalizados que realmente usan "is_static". Para los afectados, el problema puede conllevar a posibles transiciones de estado incorrectas. La versión 0.36.0 contiene un parche. No se presentan mitigaciones conocidas