8 matches found
CVE-2022-36008
Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2022-36008 affecting parsing of the RPC exit reason for EVM reversion. In release builds, the RPC could return an incorrectly parsed exit reason; in debug builds, an overflow panic could occur. The issue is only relevant if a bridge no...
CVE-2022-21685
CVE-2022-21685 affects Frontier’s MODEXP precompile in Substrate’s Ethereum compatibility layer. The root cause is a bug in the MODEXP precompile that can trigger an integer underflow. Impact: Debug builds: possible node crash Release/WebAssembly: limited impact to EVM out-of-gasMitigation: apply...
CVE-2023-28431
CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...
CVE-2022-39242
CVE-2022-39242 affects Frontier, an Ethereum compatibility layer for Substrate. The root cause is that the worst-case weight was always counted as the block weight in all cases, allowing large EVM gas refunds to enable block spamming and inflate chain gas prices. The impact is limited: attack cos...
CVE-2021-39193
CVE-2021-39193 concerns Frontier’s Ethereum compatibility layer (Frontier) and specifically a bug in the Substrate pallet-ethereum. Before commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26, input data size validation was faulty, which could allow invalid transactions to be included in the Ethereum ...
CVE-2021-41138
CVE-2021-41138 concerns Frontier, Substrate’s Ethereum compatibility layer. A signed Frontier-specific extrinsic for pallet-ethereum caused many validation checks to run only during transaction pool validation, not during block execution, allowing malicious validators to include invalid transacti...
CVE-2023-45130
Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2023-45130 issue where, prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, invoking opcode SUICIDE on a contract that has large storage can trigger a single IO call across the WebAssembly boundary to remove all storages, potenti...
CVE-2022-31111
Frontier (Substrate’s Ethereum compatibility layer) is affected by a truncation error when converting between EVM balance type and Substrate balance type. In affected versions this can cause a discrepancy between the appeared EVM transfer value and the actual Substrate value transferred. The issu...