Vulnerability Description
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.
Related Weaknesses (CWE)
References
- https://github.com/MANTRA-Chain/mantrachain/commit/30d36c46e9823b56b8f0dcbb66e98
- https://github.com/MANTRA-Chain/mantrachain/security/advisories/GHSA-qwvm-wqq8-8
FAQ
What is CVE-2025-61595?
CVE-2025-61595 is a documented vulnerability. MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can...
How severe is CVE-2025-61595?
CVSS scoring is not yet available for CVE-2025-61595. Check NVD for updates.
Is there a patch for CVE-2025-61595?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.