{"uuid": "a5b6949b-2f0d-45f4-9217-7eff656d128b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39137", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/3007", "content": "> The first erroneous computation example is CVE-2021-39137 which is an interesting go-ethereum bug identified by Guido Vranken. The bug caused a netsplit in the Ethereum network and essentially results from the ability to have a mutable and non-mutable slice referencing the same chunk of memory. \n\nA deeper dive into CVE-2021-39137 \u2013 a Golang security bug that Rust would have prevented\nhttps://research.nccgroup.com/2022/02/07/a-deeper-dive-into-cve-2021-39137-a-golang-security-bug-that-rust-would-have-prevented/\n\n\u0418 \u0447\u0442\u043e \u0431 \u0434\u0432\u0430 \u0440\u0430\u0437\u0430 \u043d\u0435 \u0432\u0441\u0442\u0430\u0432\u0430\u0442\u044c. \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u043f\u043e\u0441\u0442\n\n> On 2/2/2022, I reported a critical security issue to Optimism\u2014an \"L2 scaling solution\" for Ethereum\u2014that would allow an attacker to replicate money on any chain using their \"OVM 2.0\" fork of go-ethereum (which they call l2geth).\n\nAttacking an Ethereum L2 with Unbridled Optimism\nhttps://www.saurik.com/optimism.html", "creation_timestamp": "2022-02-11T08:04:20.000000Z"}