312 matches found
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54426
Summary: Polkadot Frontier’s Curve25519Add and Curve25519ScalarMul precompiles mis-handle invalid Ristretto point representations in versions before commit 36f70d1, silently treating malformed inputs as the Ristretto identity element and potentially yielding incorrect cryptographic results. This ...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition
Recent advances have enabled LLM-powered AI agents to autonomously execute complex tasks by combining language model reasoning with tools, memory, and web access. But can these systems be trusted to follow deployment policies in realistic environments, especially under attack? To investigate, we...
PT-2025-31154 · Polkadot · Polkadot Frontier
Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to 0822030 Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The implementation of CallableByContract incorrectly identified contract addresses running under...
PT-2025-31152 · Parity Technologies · Polkadot Frontier
Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to a754b3d Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The note min gas price target extrinsic is an inherent extrinsic, callable only by the block...
Polkadot Frontier 代码问题漏洞
Polkadot Frontier is a Polkadot EVM open source application that provides a compatibility layer for Ether VMs. A code issue vulnerability exists in versions of Polkadot Frontier prior to 0822030, which stems from a CallableByContract implementation error that could lead to improperly precompiled...
PT-2025-31151 · Unknown · Polkadot Frontier
Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to commit 36f70d1 Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristrett...
Polkadot Frontier 代码问题漏洞
Polkadot Frontier is a Polkadot EVM open source application that provides an Ether VM compatibility layer. A code issue vulnerability exists in previous versions of Polkadot Frontier a754b3d that stems from an unimplemented checkinherent function of notemingaspricetarget, which could lead to Gas...
Polkadot Frontier 加密问题漏洞
Polkadot Frontier is a Polkadot EVM open source application that provides an Ethernet VM compatibility layer. A cryptographic issue vulnerability exists in versions prior to Polkadot Frontier 36f70d1, which stems from improper handling of invalid Ristretto points by the Curve25519Add and...
Evaluating the Critical Risks of Amazon'S Nova Premier under the Frontier Model Safety Framework
Nova Premier is Amazon's most capable multimodal foundation model and teacher for model distillation. It processes text, images, and video with a one-million-token context window, enabling analysis of large codebases, 400-page documents, and 90-minute videos in a single prompt. We present the fir...
AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models
We introduce AIRTBench, an AI red teaming benchmark for evaluating language models' ability to autonomously discover and exploit Artificial Intelligence and Machine Learning AI/ML security vulnerabilities. The benchmark consists of 70 realistic black-box capture-the-flag CTF challenges from the...
SHADE-Arena: Evaluating Sabotage and Monitoring in LLM Agents
As Large Language Models LLMs are increasingly deployed as autonomous agents in complex and long horizon settings, it is critical to evaluate their ability to sabotage users by pursuing hidden objectives. We study the ability of frontier LLMs to evade monitoring and achieve harmful hidden goals...
Teaching an Old LLM Secure Coding: Localized Preference Optimization on Distilled Preferences
LLM generated code often contains security issues. We address two key challenges in improving secure code generation. First, obtaining high quality training data covering a broad set of security issues is critical. To address this, we introduce a method for distilling a preference dataset of...
Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI
As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for...
CVE-2023-28431
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
CVE-2023-6137
Cross-Site Request Forgery CSRF vulnerability in finnj Frontier Post allows Cross Site Request Forgery.This issue affects Frontier Post: from n/a through 6.1...