CVE-2024-51424 identifies a critical security flaw in the PepeGxng smart contract deployed on the Ethereum blockchain. The vulnerability resides in the Owned.setOwner function, which is intended to control ownership changes within the contract. Due to improper access control, remote attackers can invoke this function without any privileges, authentication, or user interaction, thereby gaining unauthorized ownership rights. The vulnerability is classified under CWE-94, which typically involves improper control of code or script execution, suggesting that attackers might execute arbitrary code or commands within the contract context. The CVSS v3.1 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, as attackers could fully compromise the contract's ownership and potentially manipulate its state or assets. Despite the severity, some third parties dispute the impact, arguing that the effect is limited to function calls; however, given the function controls ownership, the risk remains substantial. No patches or fixes have been published yet, and no active exploitation has been reported. This vulnerability highlights the risks inherent in smart contract design, especially regarding access control and ownership management on decentralized platforms like Ethereum.

The exploitation of CVE-2024-51424 could have devastating consequences for organizations and individuals relying on the PepeGxng smart contract or similar Ethereum-based contracts. Unauthorized attackers gaining ownership control can manipulate contract logic, transfer assets, or disrupt services, leading to significant financial losses and reputational damage. The vulnerability threatens the confidentiality of contract data, the integrity of contract operations, and the availability of contract services. Given the decentralized and immutable nature of blockchain transactions, recovery from such attacks is complex and costly. Additionally, compromised contracts can undermine trust in blockchain applications and ecosystems, potentially affecting broader adoption. Organizations using or integrating with PepeGxng or related contracts must consider the risk of asset theft, fraud, and operational disruption. The absence of known exploits in the wild currently limits immediate impact, but the high severity score and ease of exploitation without authentication make this a critical threat to monitor closely.

To mitigate CVE-2024-51424, organizations should immediately audit all instances of the PepeGxng smart contract in their environment and any dependent systems. Restrict access to the Owned.setOwner function by implementing strict access control mechanisms, such as role-based permissions or multi-signature requirements, to prevent unauthorized calls. Where possible, redeploy updated versions of the contract with corrected ownership management logic that enforces proper authentication and authorization checks. Employ runtime monitoring tools to detect anomalous transactions or ownership changes on the blockchain. Engage with the smart contract developers or community to obtain or contribute patches addressing this vulnerability. Additionally, consider using formal verification tools to validate smart contract logic and prevent similar vulnerabilities. For critical assets, implement off-chain controls and insurance mechanisms to mitigate financial risks. Educate developers and auditors on secure smart contract design principles, emphasizing the importance of access control and ownership validation.