Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Validity check for signed Frontier-specific extrinsic not called in block execution
Vulnerability Description
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent `pallet-evm` execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concerns, while they are limited by Substrate block size limits and other factors. The issue is patched in commit `146bb48849e5393004be5c88beefe76fdf009aba`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Frontier 输入验证错误漏洞
Vulnerability Description
Frontier是一个 Substrate 的以太坊兼容层。用于运行未经修改的以太坊 Dapp。 Frontier 存在输入验证错误漏洞,该漏洞源于软件在最近为“pallet ethereum”引入的签名的Frontier-specific Exterinsic中,很大一部分事务验证逻辑只在事务池验证中调用,而不在块执行中调用。恶意验证程序可以利用这一点将无效事务放入块中。攻击局限性在于始终验证签名,并且大多数验证在随后的“palet -evm”执行逻辑中再次执行。但是链ID重放攻击是可能的。
CVSS Information
N/A
Vulnerability Type
N/A