Transaction validity oversight in pallet-ethereum

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

输入验证不恰当

Github Frontier 输入验证错误漏洞

Github Frontier是Substrate 的以太坊兼容层。它允许您运行未经修改的以太坊 dapp。 Frontier 存在输入验证错误漏洞，该漏洞源于程序未验证输入数据大小，"pallet-ethereum"中的一个错误可能会导致无效交易包含在“pallet-ethereum”中的以太坊块状态中。

N/A

N/A