81 matches found
CVE-2022-39242
CVE-2022-39242 affects Frontier, an Ethereum compatibility layer for Substrate. The root cause is that the worst-case weight was always counted as the block weight in all cases, allowing large EVM gas refunds to enable block spamming and inflate chain gas prices. The impact is limited: attack cos...
CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
Frontier 安全漏洞
Frontier is an EtherCompatible layer for Substrate. It is used to run unmodified Ethernet Dapps. Frontier has a security vulnerability that stems from the fact that the worst-case weight is always used as the block weight for all cases...
CVE-2022-36008
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...
Code injection
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...
CVE-2022-36008
Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2022-36008 affecting parsing of the RPC exit reason for EVM reversion. In release builds, the RPC could return an incorrectly parsed exit reason; in debug builds, an overflow panic could occur. The issue is only relevant if a bridge no...
CVE-2022-36008 Message length overflow in frontier
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...
CVE-2022-31111
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...
Design/Logic Flaw
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...
CVE-2022-31111 Discrepency in transfer value and actual value due to incorrect truncation in Frontier
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...
CVE-2022-31111
Frontier (Substrate’s Ethereum compatibility layer) is affected by a truncation error when converting between EVM balance type and Substrate balance type. In affected versions this can cause a discrepancy between the appeared EVM transfer value and the actual Substrate value transferred. The issu...
CVE-2022-31111 Discrepency in transfer value and actual value due to incorrect truncation in Frontier
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...
Frontier 安全漏洞
Frontier is an EtherCompatible layer for Substrate. It is used to run unmodified Ethernet Dapps. Frontier suffers from a security vulnerability that stems from the truncation done during the conversion between EVM Balance Type and Substrate Balance Type being incorrectly implemented, resulting in...
Malicious code in qiwi-substrate-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc244b702c1e5c4fb1122683ac5e3f9f514f35c8a21511e6b11fd6a07e41beac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5544 Malicious code in qiwi-substrate-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc244b702c1e5c4fb1122683ac5e3f9f514f35c8a21511e6b11fd6a07e41beac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Frontier numeric error vulnerability
Frontier is an ethereum-compatible layer of Substrate. A numeric error vulnerability exists in Frontier, which stems from a bug in Frontier's pre-compiled implementation of MODEXP that could lead to integer underflow in some cases. This would cause the node of the debug build to crash. No detaile...
Integer overflow
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
CVE-2022-21685 Integer underflow in Frontier
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
CVE-2022-21685
CVE-2022-21685 affects Frontier’s MODEXP precompile in Substrate’s Ethereum compatibility layer. The root cause is a bug in the MODEXP precompile that can trigger an integer underflow. Impact: Debug builds: possible node crash Release/WebAssembly: limited impact to EVM out-of-gasMitigation: apply...
Frontier 数字错误漏洞
Frontier is an ethereum-compatible layer of Substrate. A numeric error vulnerability exists in Frontier, which stems from a bug in Frontier's pre-compiled implementation of MODEXP that could lead to integer underflow in some cases. This would cause the node of the debug build to crash. No detaile...