Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Transaction validity oversight in pallet-ethereum
Vulnerability Description
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Github Frontier 输入验证错误漏洞
Vulnerability Description
Github Frontier是Substrate 的以太坊兼容层。它允许您运行未经修改的以太坊 dapp。 Frontier 存在输入验证错误漏洞,该漏洞源于程序未验证输入数据大小,"pallet-ethereum"中的一个错误可能会导致无效交易包含在“pallet-ethereum”中的以太坊块状态中。
CVSS Information
N/A
Vulnerability Type
N/A