MANTRA tx gas limit is not enforced in send hooks

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Description

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.

Basic Information

ID CVE-2025-61595

Source GitHub_M

Published Oct 2, 2025 at 19:36

Modified Oct 2, 2025 at 19:49

Affected Product

Vendor MANTRA-Chain

Product mantrachain

Version < 4.0.2

Affected Versions MANTRA-Chain mantrachain < 4.0.2

CWE Classification

CWE-400 CWE-770

References

{
    "lastseen": "",
    "description": "MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.",
    "published": "2025-10-02T19:36:41.428Z",
    "modified": "2025-10-02T19:49:51.997Z",
    "type": "cve",
    "title": "MANTRA tx gas limit is not enforced in send hooks",
    "source": "GitHub_M",
    "references": "https://github.com/MANTRA-Chain/mantrachain/security/advisories/GHSA-qwvm-wqq8-8j69\nhttps://github.com/MANTRA-Chain/mantrachain/commit/30d36c46e9823b56b8f0dcbb66e980ca5df284e4",
    "id": "CVE-2025-61595",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400",
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "MANTRA-Chain mantrachain < 4.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mantrachain",
    "version": "< 4.0.2",
    "vendor": "MANTRA-Chain",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MANTRA tx gas limit is not enforced in send hooks_CVE-2025-61595