
81 matches found

CVE
added 2023/10/13 12:14 p.m., 43 views

CVE-2023-45130

Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2023-45130 issue where, prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, invoking opcode SUICIDE on a contract that has large storage can trigger a single IO call across the WebAssembly boundary to remove all storages, potenti...

CVSS 7.5, AI score 7.5, EPSS 0.00253
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/10/13 12:14 p.m., 11 views

CVE-2023-45130 Frontier opcode SUICIDE touches too many storage values on large contracts

Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses storage::remove_prefix (now renamed to storage::clear_prefix) to remove all storage...

CVSS 7.5, AI score 7.7, EPSS 0.00253
Exploits: 0, References: 3
OSV
added 2023/10/13 12:14 p.m., 12 views

CVE-2023-45130 Frontier opcode SUICIDE touches too many storage values on large contracts

Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses storage::remove_prefix (now renamed to storage::clear_prefix) to remove all storage...

CVSS 7.5, AI score 7.4, EPSS 0.00253
Exploits: 0, References: 5
CNNVD
added 2023/10/13 12:00 a.m., 1 view

Frontier Security Vulnerabilities

Frontier is an Ethereum compatibility layer for Substrate. It is used to run unmodified Ethereum dapps. A security vulnerability exists in versions of Frontier prior to aea52819, which stems from a vulnerability that allows an attacker to create contracts with a large number of stored values on a parallel...

CVSS 7.5, AI score 6.6, EPSS 0.00253
Exploits: 0, References: 4
NVD
added 2023/06/14 9:15 p.m., 7 views

CVE-2023-34449

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

CVSS 5.3, AI score 5.3, EPSS 0.00237
Exploits: 1, References: 5
Prion
added 2023/06/14 9:15 p.m., 14 views

Design/Logic Flaw

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

CVSS 5, AI score 5.3, EPSS 0.00237
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2023/06/14 8:10 p.m., 11 views

CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

CVSS 5.3, AI score 5.5, EPSS 0.00237
Exploits: 1, References: 5
CVE
added 2023/06/14 8:10 p.m., 61 views

CVE-2023-34449

The CVE-2023-34449 issue affects ink! (Rust-based eDSL for Substrate). Affected versions are 4.0.0 up to, but not including, 4.2.1; the bug arises from incorrect decoding of the return value when using delegate call mechanics via CallBuilder::delegate or ink_env::invoke_contract_delegate. The roo...

CVSS 5.3, AI score 5.2, EPSS 0.00237
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2023/06/14 8:10 p.m., 11 views

CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

CVSS 5.3, AI score 5.4, EPSS 0.00237
Exploits: 1, References: 7
CNNVD
added 2023/06/14 12:00 a.m., 3 views

ink! Security Vulnerability

ink! is an eDSL for writing smart contracts for blockchains built on the Substrate framework. A security vulnerability exists in ink! version 4.0.0 and earlier that stems from incorrect decoding of stored values when using DelegateCall...

CVSS 5.3, AI score 5.7, EPSS 0.00237
Exploits: 1, References: 5
NVD
added 2023/03/22 9:15 p.m., 9 views

CVE-2023-28431

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 7.5, AI score 7.3, EPSS 0.00772
Exploits: 0, References: 4
Prion
added 2023/03/22 9:15 p.m., 8 views

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 5, AI score 7.3, EPSS 0.00772
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2023/03/22 8:11 p.m., 56 views

CVE-2023-28431

CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...

CVSS 7.5, AI score 7.3, EPSS 0.00772
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2023/03/22 8:11 p.m., 12 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 7.5, AI score 7.2, EPSS 0.00772
Exploits: 0, References: 6
Cvelist
added 2023/03/22 8:11 p.m., 13 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 7.5, AI score 7.5, EPSS 0.00772
Exploits: 0, References: 4
CNNVD
added 2023/03/22 12:00 a.m., 2 views

Frontier Security Vulnerability

Frontier is an Ethereum compatibility layer for Substrate. It is used to run unmodified Ethereum dapps. A security vulnerability exists in Frontier. An attacker could exploit this vulnerability to perform a denial-of-service attack...

CVSS 7.5, AI score 7.3, EPSS 0.00772
Exploits: 0, References: 5
Github Security Blog
added 2023/03/21 10:31 p.m., 25 views

Frontier's modexp precompile is slow for even modulus

Impact: Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

CVSS 7.5, AI score 7.1, EPSS 0.00772
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2023/03/21 10:31 p.m., 23 views

GHSA-FCMM-54JP-7VF6 Frontier's modexp precompile is slow for even modulus

Impact: Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

CVSS 7.5, AI score 7.4, EPSS 0.00772
Exploits: 0, References: 6
NVD
added 2022/09/24 2:15 a.m., 12 views

CVE-2022-39242

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

CVSS 5.3, EPSS 0.00305
Exploits: 0, References: 2
Prion
added 2022/09/24 2:15 a.m., 8 views

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

CVSS 5, AI score 5.1, EPSS 0.00305
Exploits: 0, References: 2, Affected Software: 1