Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Vulnerability Description
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030.
CVSS Information
N/A
Vulnerability Type
不正确的类型转换
Vulnerability Title
Polkadot Frontier 代码问题漏洞
Vulnerability Description
Polkadot Frontier是Polkadot EVM开源的一个提供以太坊虚拟机兼容层的应用程序。 Polkadot Frontier 0822030之前版本存在代码问题漏洞,该漏洞源于CallableByContract实现错误,可能导致预编译调用不当。
CVSS Information
N/A
Vulnerability Type
N/A