25 matches found
EUVD-2025-22944
Malicious code in bioql PyPI...
EUVD-2025-22949
Malicious code in bioql PyPI...
EUVD-2025-22951
Malicious code in bioql PyPI...
CVE-2025-54427
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54429
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54426
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54429
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54426
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54429
CVE-2025-54429 concerns Polkadot Frontier’s CallableByContract addressing logic, where precompile calls could be misclassified due to treating contract addresses under CREATE/CREATE2 as AddressType::EOA instead of AddressType::Contract. This misclassification affects custom precompile implementat...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54426
Summary: Polkadot Frontier’s Curve25519Add and Curve25519ScalarMul precompiles mis-handle invalid Ristretto point representations in versions before commit 36f70d1, silently treating malformed inputs as the Ristretto identity element and potentially yielding incorrect cryptographic results. This ...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...
Polkadot Frontier 加密问题漏洞
Polkadot Frontier is a Polkadot EVM open source application that provides an Ethernet VM compatibility layer. A cryptographic issue vulnerability exists in versions prior to Polkadot Frontier 36f70d1, which stems from improper handling of invalid Ristretto points by the Curve25519Add and...