CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45130 – Frontier opcode SUICIDE touches too many storage values on large contracts
https://notcve.org/view.php?id=CVE-2023-45130
Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. • https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0 https://github.com/paritytech/frontier/pull/1212 https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 3CVE-2023-34449 – ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
https://notcve.org/view.php?id=CVE-2023-34449
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! • https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html https://github.com/paritytech/ink/commit/f1407ee9f87e5f64d467a22d26ee88f61db7f3db https://github.com/paritytech/ink/pull/1450 https://github.com/paritytech/ink/security/advisories/GHSA-853p-5678-hv8f • CWE-253: Incorrect Check of Function Return Value CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28431 – Frontier's modexp precompile is slow for even modulus
https://notcve.org/view.php?id=CVE-2023-28431
Frontier is an Ethereum compatibility layer for Substrate. Frontier's `modexp` precompile uses `num-bigint` crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the `modexp` precompile, leading to possible denial of service attacks. No fixes for `num-bigint` are currently available, and thus this issue is fixed in the short term by raising the gas costs for even modulus, and in the long term fixing it in `num-bigint` or switching to another modexp implementation. • https://github.com/paritytech/frontier/commit/5af12e94d7dfc8a0208a290643a800f55de7b219 https://github.com/paritytech/frontier/pull/1017 https://github.com/paritytech/frontier/security/advisories/GHSA-fcmm-54jp-7vf6 https://github.com/rust-num/num-bigint/blob/6f2b8e0fc218dbd0f49bebb8db2d1a771fe6bafa/src/biguint/power.rs#L134 • CWE-682: Incorrect Calculation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39242 – Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices
https://notcve.org/view.php?id=CVE-2022-39242
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. This issue has been patched in commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658. • https://github.com/paritytech/frontier/pull/851 https://github.com/paritytech/frontier/security/advisories/GHSA-v57h-6hmh-g2p4 • CWE-682: Incorrect Calculation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36008 – Message length overflow in frontier
https://notcve.org/view.php?id=CVE-2022-36008
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this. • https://github.com/paritytech/frontier/commit/fff8cc43b7756ce3979a38fc473f38e6e24ac451 https://github.com/paritytech/frontier/pull/820 https://github.com/paritytech/frontier/security/advisories/GHSA-mjvm-mhgc-q4gp • CWE-190: Integer Overflow or Wraparound •